4 files changed, 44 insertions, 36 deletions

diff --git a/src/modules/extra/m_ldapauth.cpp b/src/modules/extra/m_ldapauth.cpp
index 6c765fb2e..405bab082 100644
--- a/src/modules/extra/m_ldapauth.cpp
+++ b/src/modules/extra/m_ldapauth.cpp
@@ -310,36 +310,25 @@ public:
 		}
 
 		RAIILDAPMessage msg;
-		std::string what = (attribute + "=" + (useusername ? user->ident : user->nick));
-		if ((res = ldap_search_ext_s(conn, base.c_str(), searchscope, what.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg)) != LDAP_SUCCESS)
+		std::string what;
+		std::string::size_type pos = user->password.find(':');
+		// If a username is provided in PASS, use it, othewrise user their nick or ident
+		if (pos != std::string::npos)
 		{
-			// Do a second search, based on password, if it contains a :
-			// That is, PASS <user>:<password> will work.
-			size_t pos = user->password.find(":");
-			if (pos != std::string::npos)
-			{
-				// manpage says we must deallocate regardless of success or failure
-				// since we're about to do another query (and reset msg), first
-				// free the old one.
-				msg.dealloc();
-
-				std::string cutpassword = user->password.substr(0, pos);
-				res = ldap_search_ext_s(conn, base.c_str(), searchscope, cutpassword.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg);
-
-				if (res == LDAP_SUCCESS)
-				{
-					// Trim the user: prefix, leaving just 'pass' for later password check
-					user->password = user->password.substr(pos + 1);
-				}
-			}
+			what = (attribute + "=" + user->password.substr(0, pos));
 
-			// It may have found based on user:pass check above.
-			if (res != LDAP_SUCCESS)
-			{
-				if (verbose)
-					ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (LDAP search failed: %s)", user->GetFullRealHost().c_str(), ldap_err2string(res));
-				return false;
-			}
+			// Trim the user: prefix, leaving just 'pass' for later password check
+			user->password = user->password.substr(pos + 1);
+		}
+		else
+		{
+			what = (attribute + "=" + (useusername ? user->ident : user->nick));
+		}
+		if ((res = ldap_search_ext_s(conn, base.c_str(), searchscope, what.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg)) != LDAP_SUCCESS)
+		{
+			if (verbose)
+				ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (LDAP search failed: %s)", user->GetFullRealHost().c_str(), ldap_err2string(res));
+			return false;
 		}
 		if (ldap_count_entries(conn, msg) > 1)
 		{
@@ -404,7 +393,7 @@ public:
 			std::string dnPart;
 			while (stream.GetToken(dnPart))
 			{
-				std::string::size_type pos = dnPart.find('=');
+				pos = dnPart.find('=');
 				if (pos == std::string::npos) // malformed
 					continue;
 
diff --git a/src/modules/extra/m_sqlite3.cpp b/src/modules/extra/m_sqlite3.cpp
index 1e3a65a18..47880c02c 100644
--- a/src/modules/extra/m_sqlite3.cpp
+++ b/src/modules/extra/m_sqlite3.cpp
@@ -90,8 +90,10 @@ class SQLConn : public SQLProvider
 		std::string host = tag->getString("hostname");
 		if (sqlite3_open_v2(host.c_str(), &conn, SQLITE_OPEN_READWRITE, 0) != SQLITE_OK)
 		{
-			ServerInstance->Logs->Log("m_sqlite3",DEFAULT, "WARNING: Could not open DB with id: " + tag->getString("id"));
+			// Even in case of an error conn must be closed
+			sqlite3_close(conn);
 			conn = NULL;
+			ServerInstance->Logs->Log("m_sqlite3",DEFAULT, "WARNING: Could not open DB with id: " + tag->getString("id"));
 		}
 	}
 
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 59ac1acb3..2f4acf3f0 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -28,7 +28,7 @@
 #include "m_cap.h"
 
 #ifdef _WIN32
-# pragma comment(lib, "libgnutls-28.lib")
+# pragma comment(lib, "libgnutls-30.lib")
 #endif
 
 /* $ModDesc: Provides SSL support for clients */
@@ -703,6 +703,9 @@ class ModuleSSLGnuTLS : public Module
 			if (ret > 0)
 			{
 				recvq.append(buffer, ret);
+				// Schedule a read if there is still data in the GnuTLS buffer
+				if (gnutls_record_check_pending(session->sess) > 0)
+					ServerInstance->SE->ChangeEventMask(user, FD_ADD_TRIAL_READ);
 				return 1;
 			}
 			else if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index b21091d3f..aee7a5e34 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -405,12 +405,19 @@ class ModuleSSLOpenSSL : public Module
 #endif
 
 			ERR_clear_error();
-			if ((SSL_CTX_set_tmp_dh(ctx, ret) < 0) || (SSL_CTX_set_tmp_dh(clictx, ret) < 0))
+			if (ret)
 			{
-				ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Couldn't set DH parameters %s. SSL errors follow:", dhfile.c_str());
-				ERR_print_errors_cb(error_callback, this);
+				if ((SSL_CTX_set_tmp_dh(ctx, ret) < 0) || (SSL_CTX_set_tmp_dh(clictx, ret) < 0))
+				{
+					ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Couldn't set DH parameters %s. SSL errors follow:", dhfile.c_str());
+					ERR_print_errors_cb(error_callback, this);
+				}
+				DH_free(ret);
+			}
+			else
+			{
+				ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Couldn't set DH parameters %s.", dhfile.c_str());
 			}
-			DH_free(ret);
 		}
 
 #ifndef _WIN32
@@ -591,8 +598,15 @@ class ModuleSSLOpenSSL : public Module
 			if (ret > 0)
 			{
 				recvq.append(buffer, ret);
+
+				int mask = 0;
+				// Schedule a read if there is still data in the OpenSSL buffer
+				if (SSL_pending(session->sess) > 0)
+					mask |= FD_ADD_TRIAL_READ;
 				if (session->data_to_write)
-					ServerInstance->SE->ChangeEventMask(user, FD_WANT_POLL_READ | FD_WANT_SINGLE_WRITE);
+					mask |= FD_WANT_POLL_READ | FD_WANT_SINGLE_WRITE;
+				if (mask != 0)
+					ServerInstance->SE->ChangeEventMask(user, mask);
 				return 1;
 			}
 			else if (ret == 0)