[389-commits] Branch '389-ds-base-1.3.2' - ldap/servers

Mon Nov 10 23:12:34 UTC 2014

ldap/servers/plugins/chainingdb/cb_conn_stateless.c |    1 -
 1 file changed, 1 deletion(-)

New commits:
commit 96789560a56ae6408addd7b01bfe8c40bb333d81
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Mon Nov 10 13:12:48 2014 -0800

    Ticket #47948 - ldap_sasl_bind fails assertion (ld != NULL) if it is called from chainingdb_bind over SSL/startTLS
    
    Bug Description: In case startTLS, if ldap_start_tls_s called from
    cb_get_connection failed and it returned non LDAP_SUCCESS return
    code, the code was stored in the local variable just in the error
    case, used only for error logging and abandoned in the scope; the
    caller cb_get_connection returned LDAP_SUCCESS even if the connection
    was not established.  That confuses the caller of cb_get_connection
    and let it call ldap_sasl_bind with NULL ld and it causes the assertion
    failure.
    
    Fix Description: remove the local variable declaration in the scope.
    
    https://fedorahosted.org/389/ticket/47948
    
    Reviewed by rmeggins at redhat.com (Thank you, Rich!!)
    
    (cherry picked from commit 47868d3e5278d425abe5e8325f2965de66c10cff)
    (cherry picked from commit cb4f0cb2d120bc899bfb68dfe134ec3a26f3f334)

diff --git a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
index a85b392..4b323b1 100644
--- a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
+++ b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
@@ -463,7 +463,6 @@ cb_get_connection(cb_conn_pool * pool,
 					ldap_controls_free(serverctrls);
 				}
 			} else if (secure == 2) {
-				int rc;
 				/* the start_tls operation is usually performed in slapi_ldap_bind, but
 				   since we are not binding we still need to start_tls */
 				if (cb_debug_on()) {


