[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: SASL regex lookups not mutex protected (ITS#2505)
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of simon@sxw.org.uk
> Full_Name: Simon Wilkinson
> Version: 2.1.17 (but verified in CVS)
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/SimonWilkinson-030512.diff
> Submission from: (NULL) (212.20.248.63)
> The saslauthz.c file uses a static data structure to store
> the compilations
> of regular expressions (the SaslRegexp array, and the
> nSaslRegexp int).
> These variables are not protected from simulatenous access by
> multiple threads.
> Symptoms include corruption of regular expression results,
> due to the offset
> array being changed mid computation, and segmentation faults
> due to array
> overruns.
Thanks. Most of the elements of the SaslRegexp array are read-only at
runtime. The sr_strings field is not. Moving sr_strings into a local variable
should be sufficient to fix this problem. I am committing this change to CVS
HEAD, please test.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support