s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own...

Thanks to Isaac Boukris <iboukris@gmail.com> for finding the
issue and testing this fix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13244

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 26 02:25:20 CET 2018 on sn-devel-144

(cherry picked from commit e7425bd5245ffea68b7e8f794c9b5f864d103769)

diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index a4adbc09524bcf74c3ce0af40c6fdcacbad48ea1..0c37b06500cfd8ad0c64ffd968206fef245ca021 100644 (file)
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -105,9 +105,18 @@ static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind
                status = ads_connect(ads);
 
                if (!ADS_ERR_OK(status)) {
+                       bool orig_is_mine = ads->is_mine;
+
                        DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
                                 ads_errstr(status)));
+                       /*
+                        * We need to keep the ads pointer
+                        * from being freed here as we don't own it and
+                        * callers depend on it being around.
+                        */
+                       ads->is_mine = false;
                        ads_destroy(&ads);
+                       ads->is_mine = orig_is_mine;
                        SAFE_FREE(bp);
                        return status;
                }