krb5 commit: Fix LDAP module leak on authentication error

[ghudson at mit.edu]

https://github.com/krb5/krb5/commit/85c93922232300b0316546a2fc6dd93c7e2906cd
commit 85c93922232300b0316546a2fc6dd93c7e2906cd
Author: Feng Guo <gardonkoo at 163.com>
Date:   Thu Nov 28 21:32:37 2024 +0800

    Fix LDAP module leak on authentication error
    
    In initialize_server(), unbind the server handle if authenticate()
    fails.
    
    [ghudson at mit.edu: rewrote commit message]
    
    ticket: 9153 (new)

 src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index 5e77d5e49..d19e2b761 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -189,6 +189,7 @@ initialize_server(krb5_ldap_context *ldap_context, krb5_ldap_server_info *info)
     if (ret) {
         info->server_status = OFF;
         time(&info->downtime);
+        ldap_unbind_ext_s(server->ldap_handle, NULL, NULL);
         free(server);
         return ret;
     }