From ba2943d8938edb7f072a7d7c9a5c28c5816edbbe Mon Sep 17 00:00:00 2001
From: Bradley Nicholes
Date: Wed, 14 Apr 2004 14:41:28 +0000
Subject: [PATCH] Don't repeatedly allocate the binddn and bindpw from the st->pool (pconf pool) in order to avoid uncontrolled memory allocations.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103384 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/experimental/util_ldap.c | 93 ++++++++++++++++++++------------
 1 file changed, 59 insertions(+), 34 deletions(-)

diff --git a/modules/experimental/util_ldap.c b/modules/experimental/util_ldap.c
index 0498e0c689..529bbaeea0 100644
--- a/modules/experimental/util_ldap.c
+++ b/modules/experimental/util_ldap.c
@@ -88,6 +88,20 @@ void *util_ldap_create_config(apr_pool_t *p, server_rec *s);
 "\"http://www.w3.org/TR/REC-html40/frameset.dtd\">\n"
 #endif
+
+static void util_ldap_strdup (char *str, const char *newstr)
+{
+ if (str) {
+ free(str);
+ str = NULL;
+ }
+
+ if (newstr) {
+ str = calloc(1, strlen(newstr)+1);
+ strcpy (str, newstr);
+ }
+}
+
 /*
 * Status Handler
 * --------------
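Review bot: `util_ldap_strdup` takes `char *str` by value, so `str = calloc(...)` and `str = NULL` only change the local copy; the caller's field is freed but never updated. At the call sites in the hunks at -395, -434 and -861 (`util_ldap_strdup((char*)l->binddn, binddn)`) this leaves `binddn`/`bindpw` pointing at freed memory (or still NULL on a new connection), leaks the fresh copy, and sets up a double free when `util_ldap_connection_destroy` later frees the same fields. The helper should take `char **str` and the callers should pass the field's address, e.g. `util_ldap_strdup((char**)&(l->binddn), binddn);`. The `calloc` result is also handed to `strcpy` without a NULL check.

```c
static void util_ldap_strdup (char **str, const char *newstr)
{
    if (*str) {
        free(*str);
        *str = NULL;
    }

    if (newstr) {
        *str = calloc(1, strlen(newstr)+1);
        if (*str) {
            strcpy (*str, newstr);
        }
    }
}
```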
@@ -179,25 +193,36 @@ LDAP_DECLARE_NONSTD(apr_status_t) util_ldap_connection_destroy(void *param)
 {
 util_ldap_connection_t *ldc = param;
- /* unbinding from the LDAP server */
- if (ldc->ldap) {
- ldap_unbind_s(ldc->ldap);
- ldc->bound = 0;
- ldc->ldap = NULL;
- }
+ if (ldc) {
+
+ /* unbinding from the LDAP server */
+ if (ldc->ldap) {
+ ldap_unbind_s(ldc->ldap);
+ ldc->bound = 0;
+ ldc->ldap = NULL;
+ }
+
+ if (ldc->bindpw) {
+ free((void*)ldc->bindpw);
+ }
+
+ if (ldc->binddn) {
+ free((void*)ldc->binddn);
+ }
- /* release the lock we were using. The lock should have
- already been released in the close connection call.
- But just in case it wasn't, we first try to get the lock
- before unlocking it to avoid unlocking an unheld lock.
- Unlocking an unheld lock causes problems on NetWare. The
- other option would be to assume that close connection did
- its job. */
+ /* release the lock we were using. The lock should have
+ already been released in the close connection call.
+ But just in case it wasn't, we first try to get the lock
+ before unlocking it to avoid unlocking an unheld lock.
+ Unlocking an unheld lock causes problems on NetWare. The
+ other option would be to assume that close connection did
+ its job. */
 #if APR_HAS_THREADS
- apr_thread_mutex_trylock(ldc->lock);
- apr_thread_mutex_unlock(ldc->lock);
+ apr_thread_mutex_trylock(ldc->lock);
+ apr_thread_mutex_unlock(ldc->lock);
 #endif
+ }
 return APR_SUCCESS;
 }
@@ -290,11 +315,6 @@ LDAP_DECLARE(int) util_ldap_connection_open(request_rec *r,
 /* always default to LDAP V3 */
 ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
-
- /* add the cleanup to the pool */
- apr_pool_cleanup_register(ldc->pool, ldc,
- util_ldap_connection_destroy,
- apr_pool_cleanup_null);
 }
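Review bot: In `util_ldap_connection_destroy` the new `free((void*)ldc->bindpw)` and `free((void*)ldc->binddn)` leave both fields pointing at freed memory, whereas `ldc->ldap` is reset to NULL just above. If this function can run more than once for the same connection (it is registered as a pool cleanup elsewhere in this patch; any direct callers are not visible here), the second pass frees the same pointers again, so add `ldc->bindpw = NULL;` and `ldc->binddn = NULL;` after the respective `free`. Since `bindpw` is a credential, it is also worth overwriting the buffer before releasing it, with a wipe the compiler cannot discard as a dead store.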
@@ -395,8 +415,8 @@ LDAP_DECLARE(util_ldap_connection_t *)util_ldap_connection_find(request_rec *r,
 /* the bind credentials have changed */
 l->bound = 0;
- l->binddn = apr_pstrdup(st->pool, binddn);
- l->bindpw = apr_pstrdup(st->pool, bindpw);
+ util_ldap_strdup((char*)l->binddn, binddn);
+ util_ldap_strdup((char*)l->bindpw, bindpw);
 break;
 }
 #if APR_HAS_THREADS
@@ -434,10 +454,15 @@ LDAP_DECLARE(util_ldap_connection_t *)util_ldap_connection_find(request_rec *r,
 l->host = apr_pstrdup(st->pool, host);
 l->port = port;
 l->deref = deref;
- l->binddn = apr_pstrdup(st->pool, binddn);
- l->bindpw = apr_pstrdup(st->pool, bindpw);
+ util_ldap_strdup((char*)l->binddn, binddn);
+ util_ldap_strdup((char*)l->bindpw, bindpw);
 l->secure = secure;
+ /* add the cleanup to the pool */
+ apr_pool_cleanup_register(l->pool, l,
+ util_ldap_connection_destroy,
+ apr_pool_cleanup_null);
+
 if (p) {
 p->next = l;
 }
@@ -817,7 +842,7 @@ start_over:
 /* Grab the dn, copy it into the pool, and free it again */
 dn = ldap_get_dn(ldc->ldap, entry);
- *binddn = apr_pstrdup(st->pool, dn);
+ *binddn = apr_pstrdup(r->pool, dn);
 ldap_memfree(dn);
 /*
@@ -861,8 +886,8 @@ start_over:
 * it is bound to the original user id specified ldc->binddn when in fact it is
 * bound to a completely different user id.
 */
- ldc->binddn = apr_pstrdup(st->pool, *binddn);
- ldc->bindpw = apr_pstrdup(st->pool, bindpw);
+ util_ldap_strdup((char*)ldc->binddn, *binddn);
+ util_ldap_strdup((char*)ldc->bindpw, bindpw);
 }
 /*
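Review bot: On the new-connection path (hunk at -434) `util_ldap_strdup` reads `l->binddn` and `l->bindpw` before anything in this hunk has assigned them, and the helper calls `free()` on any non-NULL value it is given. That is only safe if `l` was zero-filled when it was allocated, which happens outside the hunk; a comment above the two calls such as `/* l is zero-filled on allocation, so binddn/bindpw start out NULL */` would pin the assumption for the next reader. util_ldap_connection_find starts and ends outside the hunk.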
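Review bot: In the hunk at -817, `*binddn` is now copied into `r->pool`, so the DN handed back through the out-parameter lives only as long as the request. The hunk at -893 then stores that same pointer in `the_search_node.dn` before calling `util_ald_cache_insert`; whether the insert takes its own copy of the node's strings is not visible here, and if it does not, the cache would keep a pointer into a destroyed request pool. A comment at the assignment, e.g. `/* request-scoped; the search cache must take its own copy */`, would record the dependency. The enclosing function starts and ends outside the hunk.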
@@ -893,17 +918,17 @@ start_over:
 /*
 * Add the new username to the search cache.
 */
- LDAP_CACHE_WRLOCK();
- the_search_node.username = filter;
- the_search_node.dn = *binddn;
- the_search_node.bindpw = bindpw;
- the_search_node.lastbind = apr_time_now();
- the_search_node.vals = vals;
 if (curl) {
+ LDAP_CACHE_WRLOCK();
+ the_search_node.username = filter;
+ the_search_node.dn = *binddn;
+ the_search_node.bindpw = bindpw;
+ the_search_node.lastbind = apr_time_now();
+ the_search_node.vals = vals;
 util_ald_cache_insert(curl->search_cache, &the_search_node);
+ LDAP_CACHE_UNLOCK();
 }
 ldap_msgfree(res);
- LDAP_CACHE_UNLOCK();
 ldc->reason = "Authentication successful";
 return LDAP_SUCCESS;
--
2.40.0