SEC-1520: Close NamingEnumeration in LDAP compare implementation.

ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java

@@ -23,6 +23,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import javax.naming.Context;
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
@@ -60,6 +61,16 @@ public final class LdapUtils {
         }
     }
 
+    public static void closeEnumeration(NamingEnumeration ne) {
+        try {
+            if (ne != null) {
+                ne.close();
+            }
+        } catch (NamingException e) {
+            logger.error("Failed to close enumeration.", e);
+        }
+    }
+
     /**
      * Obtains the part of a DN relative to a supplied base context.
      * <p>If the DN is "cn=bob,ou=people,dc=springframework,dc=org" and the base context name is

ldap/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java

@@ -92,7 +92,10 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
 
                 NamingEnumeration<SearchResult> results = ctx.search(dn, comparisonFilter, new Object[] {value}, ctls);
 
-                return Boolean.valueOf(results.hasMore());
+                Boolean match = Boolean.valueOf(results.hasMore());
+                LdapUtils.closeEnumeration(results);
+
+                return match;
             }
         }
 
@@ -215,6 +218,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
                             results.add(new DirContextAdapter(searchResult.getAttributes(), dn, ctxBaseDn));
                         }
                     } catch (PartialResultException e) {
+                        LdapUtils.closeEnumeration(resultsEnum);
                         logger.info("Ignoring PartialResultException");
                     }