
data loss and buffer miscalculation (ITS#2084)
Full_Name: Rick van Rein
Version: 2.0.24 and 2.1.4
OS: FreeBSD
URL: 
Submission from: (NULL) (212.204.167.229)
Dear people,

Looking into the code of OpenLDAP 2.0.24, I discovered buggy code that
leads to synchronisation faults between master/slaves and perhaps slow-down
of the slurpd daemon.  The bugs are also present in OpenLDAP 2.1.4.

In slurpd's replog.c file there's a small bug:

    /*
     * Make our own private copy of the replication log.
     */
    while (( p = fgets( rbuf, sizeof( buf ), rfp )) != NULL ) {
        fputs( rbuf, dfp );
    }

The sizeof should be over rbuf, not buf.  Usually, buf will be smaller than
rbuf, so not much harm can be done here, at most loss of efficiency.


More dangerous w.r.t. the consistency of databases is this remark from the
fgets() manpage in FreeBSD:

        The fgets() and gets() functions do not distinguish between
        end-of-file and error, and callers must use feof(3) and ferror(3)
        to determine which occurred.

This is not checked while copying the file.  In other words, there is a
potential for data loss and thus for loss of synchronicity between
master/slave servers, especially because the source file is truncated
afterwards.

Imagine a full file system for slurpd's local copy, and you see where it
goes wrong.


Cheers,
Rick van Rein,
OpenFortress.
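As an added example (not part of the report above and not OpenLDAP's own replog.c), the copy loop rewritten with the two fixes the report asks for: sizeof() taken over the buffer that is actually passed to fgets(), and feof()/ferror() plus write-side checks deciding whether the copy is complete before the source log is truncated. The buffer size, the file names and the sample replication log below are constructed for the demonstration; on Linux, /dev/full stands in for the "full file system" case, since every write to it fails with ENOSPC.

```c
#include <stdio.h>

/* Copy the replication log at src_path to dst_path line by line with fgets(),
 * the way slurpd's replog.c does, but:
 *   - sizeof() is taken over rbuf, the buffer handed to fgets();
 *   - when fgets() returns NULL, feof()/ferror() tell EOF from a read error;
 *   - fputs()/fflush()/fclose() are checked so a full file system is noticed.
 * Returns 0 on success, -1 on any error. */
int copy_replog(const char *src_path, const char *dst_path)
{
    char rbuf[4096];            /* hypothetical size; what matters is sizeof(rbuf) */
    int rc = 0;
    FILE *rfp = fopen(src_path, "r");
    if (rfp == NULL)
        return -1;
    FILE *dfp = fopen(dst_path, "w");
    if (dfp == NULL) {
        fclose(rfp);
        return -1;
    }

    while (fgets(rbuf, sizeof(rbuf), rfp) != NULL) {
        if (fputs(rbuf, dfp) == EOF) {  /* write error; stdio buffering may delay ENOSPC */
            rc = -1;
            break;
        }
    }
    /* fgets() returned NULL: end-of-file is fine, a read error is not. */
    if (rc == 0 && (ferror(rfp) || !feof(rfp)))
        rc = -1;
    /* Buffered data reaches the file system only now; ENOSPC surfaces here. */
    if (fflush(dfp) == EOF)
        rc = -1;
    if (fclose(dfp) == EOF)
        rc = -1;
    fclose(rfp);
    return rc;
}

/* Make the private copy and truncate the source only once the copy is known
 * to be complete; a failed copy leaves the source intact, so no replication
 * entries are lost. Returns 0 on success, -1 otherwise. */
int rotate_replog(const char *src_path, const char *dst_path)
{
    if (copy_replog(src_path, dst_path) != 0)
        return -1;
    FILE *f = fopen(src_path, "w");     /* truncate the source log */
    if (f == NULL)
        return -1;
    return fclose(f) == 0 ? 0 : -1;
}

/* Demonstration helpers: write constructed text to a file, count a file's bytes. */
int write_text_file(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    int ok = fputs(text, f) != EOF;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

long file_size(const char *path)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    long n = 0;
    while (fgetc(f) != EOF)
        n++;
    fclose(f);
    return n;
}

/* Constructed sample replication log; not taken from a real slurpd. */
static const char SAMPLE_REPLOG[] =
    "replica: ldap-slave.example.com:389\n"
    "time: 1029935780\n"
    "dn: cn=example,dc=example,dc=com\n"
    "changetype: modify\n"
    "replace: description\n"
    "description: constructed sample entry\n"
    "-\n\n";

int main(void)
{
    write_text_file("replog_demo.src", SAMPLE_REPLOG);
    if (rotate_replog("replog_demo.src", "replog_demo.copy") == 0)
        printf("copied %ld bytes, source truncated to %ld bytes\n",
               file_size("replog_demo.copy"), file_size("replog_demo.src"));

    /* Full file system: the copy must fail and the source must survive. */
    write_text_file("replog_demo.src", SAMPLE_REPLOG);
    if (rotate_replog("replog_demo.src", "/dev/full") != 0)
        printf("copy failed, source still holds %ld bytes\n",
               file_size("replog_demo.src"));
    return 0;
}
```

The decisive detail is that the write-side error from a full disk usually appears at fflush()/fclose(), not at fputs(), because stdio buffers the lines; checking only the fgets() return value, as the original loop does, catches neither that nor a read error, and the subsequent truncation of the source then discards entries that never reached the copy.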