From: Michael Paquier Date: Sat, 10 Sep 2022 07:56:07 +0000 (+0900) Subject: Free correctly LDAPMessage returned by ldap_search_s() in auth.c X-Git-Url: http://git.postgresql.org/gitweb/-?a=commitdiff_plain;h=799437e0bd3259c90d26e195894b6e22eb0b325c;p=users%2Frhaas%2Fpostgres.git Free correctly LDAPMessage returned by ldap_search_s() in auth.c The LDAP wiki states that the search message should be freed regardless of the return value of ldap_search_s(), but we failed to do so in one backend code path when searching LDAP with a filter. This is not critical in an authentication code path failing in the backend as this causes such the process to exit promptly, but let's be clean and free the search message appropriately, as documented by upstream. All the other code paths failing a LDAP operation do that already, and somebody looking at this code in the future may miss what LDAP expects with the search message. Author: Zhihong Yu Discussion: https://postgr.es/m/CALNJ-vTf5Y+8RtzZ4GjOGE9qWVHZ8awfhnFYc_qGm8fMLUNRAg@mail.gmail.com --- diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index b3e51698dc..a776bc3ed7 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -2568,6 +2568,7 @@ CheckLDAPAuth(Port *port) else filter = psprintf("(uid=%s)", port->user_name); + search_message = NULL; r = ldap_search_s(ldap, port->hba->ldapbasedn, port->hba->ldapscope, @@ -2582,6 +2583,8 @@ CheckLDAPAuth(Port *port) (errmsg("could not search LDAP for filter \"%s\" on server \"%s\": %s", filter, server_name, ldap_err2string(r)), errdetail_for_ldap(ldap))); + if (search_message != NULL) + ldap_msgfree(search_message); ldap_unbind(ldap); pfree(passwd); pfree(filter);