[openldap/f16] fix: invalid order of TLS shutdown operations

jvcelak jvcelak at fedoraproject.org
Wed Jun 27 15:22:35 UTC 2012


commit b1cce09175132869f740e8a505f2e231da7ee4c7
Author: Jan Vcelak <jvcelak at redhat.com>
Date:   Wed Jun 27 13:31:05 2012 +0200

    fix: invalid order of TLS shutdown operations
    
    Resolves: #808465

 openldap-tls-unbind-shutdown-order.patch |   37 ++++++++++++++++++++++++++++++
 openldap.spec                            |    3 ++
 2 files changed, 40 insertions(+), 0 deletions(-)
---
diff --git a/openldap-tls-unbind-shutdown-order.patch b/openldap-tls-unbind-shutdown-order.patch
new file mode 100644
index 0000000..60162f7
--- /dev/null
+++ b/openldap-tls-unbind-shutdown-order.patch
@@ -0,0 +1,37 @@
+unbind: free socket prior to destroying TLS context
+
+Author: Jan Vcelak <jvcelak at redhat.com>
+Resolves: #808464
+Upstream ITS: #7241
+Upstream commit: 221531b31a02c162c60c7d4491169855454c1ee0
+
+---
+ libraries/libldap/unbind.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libraries/libldap/unbind.c b/libraries/libldap/unbind.c
+index 35a92a8..82bc12d 100644
+--- a/libraries/libldap/unbind.c
++++ b/libraries/libldap/unbind.c
+@@ -129,6 +129,9 @@ ldap_ld_free(
+ 		ld->ld_abandoned = NULL;
+ 	}
+ 	LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
++
++	ber_sockbuf_free( ld->ld_sb );
++
+ 	LDAP_MUTEX_LOCK( &ld->ld_ldopts_mutex );
+ 
+ 	/* final close callbacks */
+@@ -217,8 +220,6 @@ ldap_ld_free(
+ 	}
+ 	LDAP_MUTEX_UNLOCK( &ld->ld_ldopts_mutex );
+ 
+-	ber_sockbuf_free( ld->ld_sb );   
+-   
+ #ifdef LDAP_R_COMPILE
+ 	ldap_pvt_thread_mutex_destroy( &ld->ld_msgid_mutex );
+ 	ldap_pvt_thread_mutex_destroy( &ld->ld_conn_mutex );
+-- 
+1.7.10.4
+
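Review bot: The relocated `ber_sockbuf_free( ld->ld_sb );` in the first nested hunk has no comment recording why it must run before the `ld_ldopts_mutex` section, so a later tidy-up could move it back to the end of the function. A one-line comment above the call would pin the ordering, for example `/* must precede the TLS context teardown below (ITS#7241) */`. After the call, `ld->ld_sb` still holds the freed pointer while the final close callbacks and the remaining cleanup run. That code lies outside the hunk, so whether anything there touches the sockbuf cannot be confirmed from here, but adding `ld->ld_sb = NULL;` directly after the free would make any such access fail deterministically instead of reading freed memory. Separately, the commit message says `Resolves: #808465` while the patch header and the spec changelog both say #808464, so one of the two is probably a typo.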
diff --git a/openldap.spec b/openldap.spec
index 91237fe..a7ccaaf 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -49,6 +49,7 @@ Patch23: openldap-nss-dont-overwrite-verify-cert-error.patch
 Patch24: openldap-nss-clean-memory-for-token-pin.patch
 Patch25: openldap-cve-nss-cipher-suite-ignored.patch
 Patch26: openldap-nss-default-cipher-suite-always-selected.patch
+Patch27: openldap-tls-unbind-shutdown-order.patch
 
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -168,6 +169,7 @@ pushd openldap-%{version}
 %patch24 -p1 -b .nss-clean-memory-for-token-pin
 %patch25 -p1 -b .cve-nss-cipher-suite-ignored
 %patch26 -p1 -b .nss-default-cipher-suite-always-selected
+%patch27 -p1 -b .tls-unbind-shutdown-order
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 
@@ -698,6 +700,7 @@ exit 0
 - fix: reading pin from file can make all TLS connections hang (#829317)
 - CVE-2012-2668: cipher suite selection by name can be ignored (#825875)
 - fix: default cipher suite is always selected (#828790)
+- fix: invalid order of TLS shutdown operations (#808464)
 
 * Mon Mar 26 2012 Jan Synáček <jsynacek at redhat.com> 2.4.26-7
 - fix: Re-binding to a failed connection can segfault (#784989)

