From fa5ccbb5f5b730122b624b31c0225762492797d7 Mon Sep 17 00:00:00 2001

From: Noriko Hosoi <nhosoi@redhat.com>

Date: Mon, 10 Nov 2014 13:12:48 -0800

Subject: [PATCH 28/28] Ticket #47948 - ldap_sasl_bind fails assertion (ld !=

 NULL) if it is called from chainingdb_bind over SSL/startTLS

Bug Description: In case startTLS, if ldap_start_tls_s called from

cb_get_connection failed and it returned non LDAP_SUCCESS return

code, the code was stored in the local variable just in the error

case, used only for error logging and abandoned in the scope; the

caller cb_get_connection returned LDAP_SUCCESS even if the connection

was not established.  That confuses the caller of cb_get_connection

and let it call ldap_sasl_bind with NULL ld and it causes the assertion

failure.

Fix Description: remove the local variable declaration in the scope.

https://fedorahosted.org/389/ticket/47948

Reviewed by rmeggins@redhat.com (Thank you, Rich!!)

(cherry picked from commit 47868d3e5278d425abe5e8325f2965de66c10cff)

(cherry picked from commit cb4f0cb2d120bc899bfb68dfe134ec3a26f3f334)

---

 ldap/servers/plugins/chainingdb/cb_conn_stateless.c | 1 -

 1 file changed, 1 deletion(-)

diff --git a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c

index a85b392..4b323b1 100644

--- a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c

+++ b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c

@@ -463,7 +463,6 @@ cb_get_connection(cb_conn_pool * pool,

 					ldap_controls_free(serverctrls);

 				}

 			} else if (secure == 2) {

-				int rc;

 				/* the start_tls operation is usually performed in slapi_ldap_bind, but

 				   since we are not binding we still need to start_tls */

 				if (cb_debug_on()) {

-- 

1.9.3