
Re: slap_graduate_commit_csn() crashes slapd (ITS#2744)



> slap_graduate_commit_csn() is called regardless of whether the operation
> succeeds or not, at least in delete.c, by virtue of its placement.
>
> I don't know enough about what this function does to know whether this is
> correct behaviour, but it at least needs to check for the validity of its
> argument and, potentially, should only be called after checking the
> operation result code.

In fact, the placement was intentional.
The entry CSN is created and inserted into the pending CSN queue atomically
at the frontend (slap_mods_opattrs()), so it has to be graduated regardless
of backend type.

> For example, it's fairly easy to crash slapd by sending a delete request
> with an invalid DN syntax. Once dnPrettyNormal() fails (delete.c:81 in CVS
> revision 1.100), slap_graduate_commit_csn() will be called with an operation
> with no backend set.
>
> I haven't looked at the code enough to know whether this issue is specific
> to delete.c, or whether the problem is manifest for other operations.

Even if the backend fails and returns error codes, the CSN queue entry should
still be graduated.
I'd rather check op->o_bd in the slap_graduate_commit_csn() function.

> (gdb) bt
> #0  0x40247e90 in pthread_mutex_lock () from /lib/libpthread.so.0
> #1  0x080e1491 in ldap_pvt_thread_mutex_lock (mutex=0xb8) at thr_posix.c:288
> #2  0x0809ba74 in slap_graduate_commit_csn (op=0x829f8d0) at ctxcsn.c:97
> #3  0x08078062 in do_delete (op=0x829f8d0, rs=0xbefff8e4) at delete.c:260
> #4  0x08066f42 in connection_operation (ctx=0xbefff964, arg_v=0x829f8d0) at connection.c:977
> #5  0x080e0d70 in ldap_int_thread_pool_wrapper (xpool=0x816d420) at tpool.c:463
> #6  0x402470ba in pthread_start_thread () from /lib/libpthread.so.0
> #7  0x40247101 in pthread_start_thread_event () from /lib/libpthread.so.0
> (gdb) p op
> $5 = (Operation *) 0x829f8d0
> (gdb) p op->o_bd
> $6 = (BackendDB *) 0x0
> (gdb) down
> #1  0x080e1491 in ldap_pvt_thread_mutex_lock (mutex=0xb8) at thr_posix.c:288
> 288             return pthread_mutex_lock( mutex );
> (gdb) p mutex
> $7 = (ldap_pvt_thread_mutex_t *) 0xb8
> (gdb) up
> #2  0x0809ba74 in slap_graduate_commit_csn (op=0x829f8d0) at ctxcsn.c:97
> 97              ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex );
> (gdb)
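The crash in the trace and the guard proposed in the reply, as an added example that is not OpenLDAP's code: a simplified model of the structures involved (an Operation with o_bd, a BackendDB with be_pcl_mutex and a pending-CSN list) plus a do_delete()-shaped handler that graduates the CSN on every exit path, including the early exit where no backend was ever selected. The struct layouts, the toy DN check standing in for dnPrettyNormal(), the CSN format and the function names other than those quoted from the thread are assumptions made for the example. null_bd_mutex_address() shows why the faulting pointer in frame #1 is a small non-zero value (0xb8) rather than 0: it is the offset of be_pcl_mutex inside BackendDB added to a NULL o_bd, which is the first thing to look for when a mutex lock faults on a tiny address.

```c
/* Added example, not slapd code: minimal model of op->o_bd / be_pcl_mutex and
 * a graduate function that tolerates an operation with no backend selected. */
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LDAP_INVALID_DN_SYNTAX 34   /* standard LDAP result code */

typedef struct pending_csn {
    char csn[64];
    struct pending_csn *next;
} pending_csn;

/* Assumed layout (not slapd's): the mutex sits behind other fields, so
 * &((BackendDB *)NULL)->be_pcl_mutex is a small non-zero address, like 0xb8. */
typedef struct BackendDB {
    char be_suffix[32];
    long be_pad[16];                   /* stand-in for unrelated fields */
    pthread_mutex_t be_pcl_mutex;      /* guards be_pending_csn_list */
    pending_csn *be_pending_csn_list;  /* CSNs handed out but not yet graduated */
    unsigned long be_csn_seq;          /* toy CSN generator */
} BackendDB;

typedef struct Operation {
    BackendDB *o_bd;   /* NULL until the frontend selects a backend */
    char o_csn[64];    /* CSN queued for this op, "" if none */
} Operation;

static void backend_init(BackendDB *bd, const char *suffix) {
    memset(bd, 0, sizeof *bd);
    snprintf(bd->be_suffix, sizeof bd->be_suffix, "%s", suffix);
    pthread_mutex_init(&bd->be_pcl_mutex, NULL);
}

/* Forensic check: the pointer an unguarded lock(&op->o_bd->be_pcl_mutex)
 * receives when o_bd is NULL. A fault on a tiny non-zero address is the
 * signature of "NULL struct pointer + field offset". */
static size_t null_bd_mutex_address(void) {
    return offsetof(BackendDB, be_pcl_mutex);
}

static int pending_count(BackendDB *bd) {
    int n = 0;
    pthread_mutex_lock(&bd->be_pcl_mutex);
    for (pending_csn *p = bd->be_pending_csn_list; p; p = p->next) n++;
    pthread_mutex_unlock(&bd->be_pcl_mutex);
    return n;
}

/* Frontend side (the role slap_mods_opattrs() plays in the reply): mint a CSN
 * and put it on the backend's pending list before the operation runs. */
static int queue_commit_csn(Operation *op) {
    pending_csn *p;
    if (op->o_bd == NULL || (p = calloc(1, sizeof *p)) == NULL) return -1;
    pthread_mutex_lock(&op->o_bd->be_pcl_mutex);
    snprintf(op->o_csn, sizeof op->o_csn, "csn-%lu", ++op->o_bd->be_csn_seq);
    memcpy(p->csn, op->o_csn, sizeof p->csn);
    p->next = op->o_bd->be_pending_csn_list;
    op->o_bd->be_pending_csn_list = p;
    pthread_mutex_unlock(&op->o_bd->be_pcl_mutex);
    return 0;
}

/* Graduation with the guard the reply proposes: an op rejected before a
 * backend was selected never queued a CSN, so this must be a no-op rather
 * than a NULL dereference. Returns 1 if a CSN was removed, 0 otherwise. */
static int graduate_commit_csn(Operation *op) {
    if (op->o_bd == NULL || op->o_csn[0] == '\0')
        return 0;
    int removed = 0;
    pthread_mutex_lock(&op->o_bd->be_pcl_mutex);
    for (pending_csn **pp = &op->o_bd->be_pending_csn_list; *pp; pp = &(*pp)->next) {
        if (strcmp((*pp)->csn, op->o_csn) == 0) {
            pending_csn *dead = *pp;
            *pp = dead->next;
            free(dead);
            removed = 1;
            break;
        }
    }
    pthread_mutex_unlock(&op->o_bd->be_pcl_mutex);
    op->o_csn[0] = '\0';
    return removed;
}

/* Toy stand-in for dnPrettyNormal(): accept "attr=value"-shaped DNs only. */
static int dn_is_valid(const char *dn) {
    const char *eq = strchr(dn, '=');
    return dn[0] != '\0' && eq != NULL && eq != dn && eq[1] != '\0';
}

/* Handler shaped like do_delete(): graduation runs on every exit path, so it
 * must tolerate an op that never reached a backend. backend_rc simulates the
 * backend's result; success or failure, the CSN is graduated either way. */
static int do_delete_model(BackendDB *bd, const char *dn, int backend_rc) {
    Operation op = { .o_bd = NULL, .o_csn = "" };
    int rc;
    if (!dn_is_valid(dn)) {
        rc = LDAP_INVALID_DN_SYNTAX;   /* frontend bails out: o_bd still NULL */
        goto cleanup;
    }
    op.o_bd = bd;
    queue_commit_csn(&op);
    rc = backend_rc;
cleanup:
    graduate_commit_csn(&op);          /* safe: no-op when o_bd == NULL */
    return rc;
}

int main(void) {
    BackendDB bd;
    backend_init(&bd, "dc=example,dc=com");
    printf("NULL->be_pcl_mutex would be %#zx\n", null_bd_mutex_address());
    int rc = do_delete_model(&bd, "not a dn", 0);
    printf("bad DN:   rc=%d pending=%d\n", rc, pending_count(&bd));
    rc = do_delete_model(&bd, "cn=foo", 32);
    printf("be fails: rc=%d pending=%d\n", rc, pending_count(&bd));
    return 0;
}
```

The two properties the reply relies on are both visible here: the pending list is empty after every call, whatever the result code, and the bad-DN path returns cleanly instead of faulting on a pointer equal to the field offset.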