From 1328777a85cd61b7ba0d5e5869ae020e8c0e1143 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
Date: Thu, 21 Mar 2019 09:49:20 +0000
Subject: [PATCH] Fix a SASL channel-binding leak
---
 servers/lloadd/connection.c | 5 +++++
 servers/lloadd/lload.h | 4 ++++
 servers/lloadd/upstream.c | 1 +
 3 files changed, 10 insertions(+)
diff --git a/servers/lloadd/connection.c b/servers/lloadd/connection.c
index b1bbff86f3..0192019f05 100644
--- a/servers/lloadd/connection.c
+++ b/servers/lloadd/connection.c
@@ -357,6 +357,11 @@ connection_destroy( LloadConnection *c )
 c->c_sasl_defaults = NULL;
 }
 if ( c->c_sasl_authctx ) {
+#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
+ if ( c->c_sasl_cbinding ) {
+ ch_free( c->c_sasl_cbinding );
+ }
+#endif
 sasl_dispose( &c->c_sasl_authctx );
 }
 #endif /* HAVE_CYRUS_SASL */
diff --git a/servers/lloadd/lload.h b/servers/lloadd/lload.h
index 8c58e3dfb0..d27b650451 100644
--- a/servers/lloadd/lload.h
+++ b/servers/lloadd/lload.h
@@ -340,6 +340,10 @@ struct LloadConnection {
 #ifdef HAVE_CYRUS_SASL
 sasl_conn_t *c_sasl_authctx;
 void *c_sasl_defaults;
+#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
+ sasl_channel_binding_t *c_sasl_cbinding; /* Else cyrus-sasl would happily
+ * leak it on sasl_dispose */
+#endif /* SASL_CHANNEL_BINDING */
 #endif /* HAVE_CYRUS_SASL */
 #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
diff --git a/servers/lloadd/upstream.c b/servers/lloadd/upstream.c
index 458af0c1e4..a9d7f154fe 100644
--- a/servers/lloadd/upstream.c
+++ b/servers/lloadd/upstream.c
@@ -321,6 +321,7 @@ sasl_bind_step( LloadConnection *c, BerValue *scred, BerValue *ccred )
 cb->data = cb_data = cb + 1;
 memcpy( cb_data, cbv.bv_val, cbv.bv_len );
 sasl_setprop( ctx, SASL_CHANNEL_BINDING, cb );
+ c->c_sasl_cbinding = cb;
 }
 }
 #endif
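Review bot: In connection_destroy the added `ch_free( c->c_sasl_cbinding );` runs before `sasl_dispose( &c->c_sasl_authctx );`, so while the context is being disposed it still holds the pointer it was given through sasl_setprop in upstream.c, and that memory is already freed. Whether cyrus-sasl reads the binding during dispose is not visible from this patch, but moving the `#ifdef SASL_CHANNEL_BINDING` block below the dispose call removes the question. I would also clear the field the way the neighbouring `c->c_sasl_defaults = NULL;` does, i.e. `ch_free( c->c_sasl_cbinding ); c->c_sasl_cbinding = NULL;`. The free is nested under `if ( c->c_sasl_authctx )`, so it relies on the binding never being set without a context. The body of connection_destroy starts and ends outside the hunk.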
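Review bot: In sasl_bind_step, `c->c_sasl_cbinding = cb;` replaces whatever the field held without freeing it, so if this branch can run more than once on one connection (a later bind step or a re-bind on a reused upstream) the earlier allocation leaks again. The enclosing conditions are outside the hunk, so this path may be unreachable. If it is, a short comment such as `/* only reached when the SASL context is first created */` would record that; otherwise release the old value before the assignment, after the context has been pointed at the new one. The context line above ignores the result of sasl_setprop; keeping the pointer on `c` regardless is the right choice for ownership, and a comment saying so would help.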