tags 278471 + patch tags 278471 - unreproducible thanks
Ok, here we go: The attached patch fixes the SASL issue. It has been verified to work on my system, that is, the version currently in etch consistently results in the failed assertion. With the patch, the assertion does not fail any more. Actually, this also helped me identifying a problem with my SSL certificates, which had caused the TLS negotiation to fail. HTH, Michael PS.: If there is any further point release for etch, I guess this should go in there as failing LDAP connections likely cause serious problems. However, I don't see any security issue being involved here.
diff -urN openldap2-2.1.30.orig/libraries/libldap/open.c
openldap2-2.1.30/libraries/libldap/open.c
--- openldap2-2.1.30.orig/libraries/libldap/open.c 2008-03-22
22:36:16.000000000 +0100
+++ openldap2-2.1.30/libraries/libldap/open.c 2008-03-22 22:38:31.000000000
+0100
@@ -387,6 +387,10 @@
--conn->lconn_refcnt;
if (rc != LDAP_SUCCESS) {
+#ifdef HAVE_CYRUS_SASL
+ /* cleanup SASL context in case it had been established
*/
+ ldap_int_sasl_close( ld, conn );
+#endif
return -1;
}
}
pgpRwBE087G3m.pgp
Description: PGP signature
