From 96789560a56ae6408addd7b01bfe8c40bb333d81 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Nov 10 2014 23:12:17 +0000 Subject: Ticket #47948 - ldap_sasl_bind fails assertion (ld != NULL) if it is called from chainingdb_bind over SSL/startTLS Bug Description: In case startTLS, if ldap_start_tls_s called from cb_get_connection failed and it returned non LDAP_SUCCESS return code, the code was stored in the local variable just in the error case, used only for error logging and abandoned in the scope; the caller cb_get_connection returned LDAP_SUCCESS even if the connection was not established. That confuses the caller of cb_get_connection and let it call ldap_sasl_bind with NULL ld and it causes the assertion failure. Fix Description: remove the local variable declaration in the scope. https://fedorahosted.org/389/ticket/47948 Reviewed by rmeggins@redhat.com (Thank you, Rich!!) (cherry picked from commit 47868d3e5278d425abe5e8325f2965de66c10cff) (cherry picked from commit cb4f0cb2d120bc899bfb68dfe134ec3a26f3f334) --- diff --git a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c index a85b392..4b323b1 100644 --- a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c +++ b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c @@ -463,7 +463,6 @@ cb_get_connection(cb_conn_pool * pool, ldap_controls_free(serverctrls); } } else if (secure == 2) { - int rc; /* the start_tls operation is usually performed in slapi_ldap_bind, but since we are not binding we still need to start_tls */ if (cb_debug_on()) {
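Review bot: in the `else if (secure == 2)` branch, dropping `int rc;` fixes the shadowing, but the hunk does not show that the function-scope `rc` is what `cb_get_connection` actually returns on the startTLS failure path, nor that nothing between the failed `ldap_start_tls_s` call and the return resets it to LDAP_SUCCESS. Please confirm that path in the lines below this context, since the commit message describes the caller going on to call `ldap_sasl_bind` with a NULL `ld` whenever LDAP_SUCCESS comes back without a connection. Two follow-ups would keep this from recurring: have the caller check `ld` for NULL before binding instead of trusting the return code alone, and build this plugin with a shadowed-variable warning such as `-Wshadow` so an inner `int rc;` that hides the outer one is flagged at compile time. A regression test that points the chaining backend at a farm server where startTLS fails would also show the error being returned instead of hitting the `ld != NULL` assertion.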