autofs-5.0.4 - fix double free in do_sasl_bind()

From: Ian Kent <raven@themaw.net>

In do_sasl_bind() the connection negotiation loop can exit with the
local variable server_cred non-null after it has been freed, leading
to a double free.
---

 CHANGELOG            |    1 +
 modules/cyrus-sasl.c |    4 +++-
 2 files changed, 4 insertions(+), 1 deletions(-)


diff --git a/CHANGELOG b/CHANGELOG
index e138ca3..f0d0e58 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -53,6 +53,7 @@
 - fix not releasing resources when using submounts.
 - fix notify mount message path.
 - remount we created mount point fix.
+- fix double free in sasl_bind().
 
 4/11/2008 autofs-5.0.4
 -----------------------
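Review bot: The new CHANGELOG line names sasl_bind(), but the function touched in modules/cyrus-sasl.c, and named in the subject line, is do_sasl_bind(). Use the exact function name so the entry can be matched to the code with a plain search.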
diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
index ec2ab0c..04001d0 100644
--- a/modules/cyrus-sasl.c
+++ b/modules/cyrus-sasl.c
@@ -348,8 +348,10 @@ do_sasl_bind(unsigned logopt, LDAP *ld, sasl_conn_t *conn, const char **clientou
 			}
 		}
 
-		if (server_cred && server_cred->bv_len > 0)
+		if (server_cred && server_cred->bv_len > 0) {
 			ber_bvfree(server_cred);
+			server_cred = NULL;
+		}
 
 	} while ((bind_result == LDAP_SASL_BIND_IN_PROGRESS) ||
 		 (sasl_result == SASL_CONTINUE));
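Review bot: The reset to NULL sits inside the `server_cred && server_cred->bv_len > 0` guard, so a non-NULL server_cred with bv_len == 0 is neither freed nor cleared and leaves this block still set. That keeps open the state the commit message describes (server_cred non-null at loop exit) for the zero-length case, and depending on code not visible in this hunk it is either leaked or freed later. Consider guarding on the pointer alone, `if (server_cred) { ber_bvfree(server_cred); server_cred = NULL; }`, or at least moving `server_cred = NULL;` out of the length check. A short comment saying the pointer is cleared because it is examined after the loop would also help future readers.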