fix leak when 'rebind-as-user' is set (and client searches without prior bind)

servers/slapd/back-meta/bind.c

@@ -168,9 +168,7 @@ meta_back_bind( Operation *op, SlapReply *rs )
 					BER_BVZERO( &msc->msc_bound_ndn );
 				}
 
-				if ( LDAP_BACK_SAVECRED( mi ) &&
-					!BER_BVISNULL( &msc->msc_cred ) )
-				{
+				if ( !BER_BVISNULL( &msc->msc_cred ) ) {
 					/* destroy sensitive data */
 					memset( msc->msc_cred.bv_val, 0,
 						msc->msc_cred.bv_len );
@@ -471,7 +469,7 @@ meta_back_single_bind(
 		BER_BVZERO( &msc->msc_bound_ndn );
 	}
 
-	if ( LDAP_BACK_SAVECRED( mi ) && !BER_BVISNULL( &msc->msc_cred ) ) {
+	if ( !BER_BVISNULL( &msc->msc_cred ) ) {
 		/* destroy sensitive data */
 		memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
 		ch_free( msc->msc_cred.bv_val );
@@ -523,6 +521,10 @@ meta_back_single_bind(
 	mc->mc_authz_target = candidate;
 
 	if ( LDAP_BACK_SAVECRED( mi ) ) {
+		if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+			memset( msc->msc_cred.bv_val, 0,
+				msc->msc_cred.bv_len );
+		}
 		ber_bvreplace( &msc->msc_cred, &op->orb_cred );
 		ldap_set_rebind_proc( msc->msc_ld, mt->mt_rebind_f, msc );
 	}

servers/slapd/back-meta/conn.c

@@ -458,6 +458,10 @@ retry:;
 		if ( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ) {
 			ber_bvreplace( &msc->msc_bound_ndn, &mt->mt_idassert_authcDN );
 			if ( !BER_BVISNULL( &mt->mt_idassert_passwd ) ) {
+				if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+					memset( msc->msc_cred.bv_val, 0,
+						msc->msc_cred.bv_len );
+				}
 				ber_bvreplace( &msc->msc_cred, &mt->mt_idassert_passwd );
 			}
 

servers/slapd/back-meta/search.c

@@ -194,7 +194,11 @@ meta_search_dobind_init(
 		if ( !BER_BVISNULL( &binddn ) ) {
 			ber_bvreplace( &msc->msc_bound_ndn, &binddn );
 			if ( LDAP_BACK_SAVECRED( mi ) && !BER_BVISNULL( &cred ) ) {
-				ber_dupbv( &msc->msc_cred, &cred );
+				if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+					memset( msc->msc_cred.bv_val, 0,
+						msc->msc_cred.bv_len );
+				}
+				ber_bvreplace( &msc->msc_cred, &cred );
 			}
 		}