Full_Name: Hallvard B Furuseth Version: HEAD OS: Linux URL: Submission from: (NULL) (129.240.6.233) Submitted by: hallvard RFCs 3909 (Cancel) and 4511 (LDAP protocol) say some operations cannot be cancelled/abandoned: Abandon, Bind, Unbind, StartTLS, Cancel. Clients can cancel least Cancel. That lets a client deadlock slapd, or all slapd threads but one, by spamming slapd with pairs of Cancels that cancel each other. If both are started, each waits for the other. Also cn=config operations need to be at least unCancelable: The same happens if you send pairs of (cn=config op, Cancel that op). Regarding Cancel, one fix resembling current code would be: * Before an operation waits for (an)other operation(s): - Fail if o_cancel, and if o_abandon when the op is abandonable, - Make it uncancellable: set o_cancel = tooLate even when !o_abandon. * Cancel and Abandon operations: - Fail if the targeted operation already has tooLate/cannotCancel. Actually Cancel already does, but with wrong result code + message. I include Abandon to keep the number of cancel/abandon-related states down. Also, (o_abandon, o_cancel) = (1, tooLate) would otherwise mean two things with the fix above: The op was Cancelled but completed anyway, or the op was Abandoned and is uncancellable (but not necessarily unabandonable).
moved from Incoming to Software Bugs
Suggested partual fix - add this possible value for o_cancel: #define SLAP_CANCEL_INVALID 0x04 /* like 0 but prevents Cancel */ Something like this: http://folk.uio.no/hbf/OpenLDAP/cancel-cancel.txt Does not reject abandon(Cancel/StartTLS), would need to extend o_cancel with yet another value. That's ugly enough already, so I let that wait. connection_abandon() in particular isn't invalid client action, but it shouldn't be worse than causing a surprising result code or not response before closing the connection. Does not address syncprov's Cancel handler. I don't know if the bconfig.c pathces are correct, but need to reject cancel before (reacting to) thread pool pauses there and maybe in syncrepl/syncprov. -- Hallvard
changed notes
changed notes changed state Open to Test
Caught cancel(cancel) and cancel/abandon(abandon/bind/unbind), partly fixed cancel(cn=config update) problem, without doing this: > Suggested partual fix - add this possible value for o_cancel: > #define SLAP_CANCEL_INVALID 0x04 /* like 0 but prevents Cancel */ Still need something that to fix cancel(cn=config update) completely. syncrepl/syncprov, starttls not yet addressed. Also cancel(cancel) still behaves in a non-RFC way. Correct fix would require resetting o_abandon, which seems unsafe. Who knows what has already reacted to it. Will update this patch for the remaining issues later: > Something like this: > http://folk.uio.no/hbf/OpenLDAP/cancel-cancel.txt -- Hallvard
changed notes changed state Test to Partial
Some fixes in HEAD. See also ITS#6138 Some fixes in RE24. See also ITS#6138