
SASL regex lookups not mutex protected (ITS#2505)



Full_Name: Simon Wilkinson
Version: 2.1.17 (but verified in CVS)
OS: Linux
URL: ftp://ftp.openldap.org/incoming/SimonWilkinson-030512.diff
Submission from: (NULL) (212.20.248.63)


The saslauthz.c file uses a static data structure to store the compilations 
of regular expressions (the SaslRegexp array, and the nSaslRegexp int). 
These variables are not protected from simultaneous access by multiple threads.


Symptoms include corruption of regular expression results, due to the offset 
array being changed mid computation, and segmentation faults due to array
overruns.

Patch is at the URL given. I wasn't sure of the correct place to add the mutex
definition - I've put its definition and initialization in init.c with all the
others, although it is really local to the saslauthz code.

The patch is against 2.1.17, although the issues appear to still be present in 
2.1.19 and CVS HEAD.
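
An added illustration of the locking pattern the report calls for; it is not taken from the linked patch or from OpenLDAP. It models a static compiled regex with a shared offset array, using plain pthreads and POSIX regex, and every name in it (`rule_extract`, `rule_off`, `rule_mutex`, `run_stress`) is hypothetical.

```c
/* Added example: simplified model, not OpenLDAP code; all names hypothetical. */
#include <pthread.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Process-wide state shared by every thread, as in the report. */
static regex_t rule_re;
static regmatch_t rule_off[4];          /* shared offset array */
static int rule_ready;
static pthread_mutex_t rule_mutex = PTHREAD_MUTEX_INITIALIZER;

/* Copy <name> from "uid=<name>,cn=auth" into out; 0 on success, -1 otherwise. */
int rule_extract(const char *in, char *out, size_t outlen) {
    int rc = -1;
    pthread_mutex_lock(&rule_mutex);    /* covers compile, match and copy-out */
    if (!rule_ready)
        rule_ready = regcomp(&rule_re, "^uid=([^,]+),cn=auth$", REG_EXTENDED) == 0;
    if (rule_ready && regexec(&rule_re, in, 4, rule_off, 0) == 0) {
        size_t len = (size_t)(rule_off[1].rm_eo - rule_off[1].rm_so);
        if (len < outlen) {             /* bounds check before using offsets */
            memcpy(out, in + rule_off[1].rm_so, len);
            out[len] = '\0';
            rc = 0;
        }
    }
    pthread_mutex_unlock(&rule_mutex);  /* rule_off may be overwritten from here on */
    return rc;
}

static void *worker(void *arg) {
    const char *name = arg;             /* constructed sample user name */
    char in[64], out[32];
    long bad = 0;
    snprintf(in, sizeof in, "uid=%s,cn=auth", name);
    for (int i = 0; i < 20000; i++)
        if (rule_extract(in, out, sizeof out) != 0 || strcmp(out, name) != 0)
            bad++;
    return (void *)bad;
}

/* Two threads, different-length names; returns the number of wrong results. */
long run_stress(void) {
    static char names[2][16] = { "al", "bartholomew" };
    pthread_t t[2];
    long total = 0;
    for (int i = 0; i < 2; i++) pthread_create(&t[i], NULL, worker, names[i]);
    for (int i = 0; i < 2; i++) { void *r; pthread_join(t[i], &r); total += (long)r; }
    return total;
}
```

The lock is held until the captured substring has been copied out, because the offsets live in shared storage and are only valid while no other thread can run a match.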