slap_known_controls is unsafe (ITS#3291)



Full_Name: Howard Chu
Version: HEAD/2.2
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (24.126.120.178)
Submitted by: hyc


back-ldap and back-meta initialize their bi->bi_controls (AKA be_controls) field
using slap_known_controls during their backend initialization step. Also in HEAD
the frontend does the same thing. Unfortunately this array is realloc'd when new
controls are registered, which will invalidate the pointer that these
backends/frontends are holding. Any subsequent reference to the bi_controls will
likely result in a segfault.
Since back-monitor examines this field during its startup, back-monitor will
segfault if the controls array has changed between initialization and backend
startup.

The controls array can be changed by modules loaded with moduleload in
slapd.conf. For example, loading the ppolicy overlay will trigger this segfault.
For back-ldap/back-meta we can probably move the initialization of bi_controls
to a later point in the startup sequence.
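
The hazard described in this report, as an added example that is not part of the original submission and is not OpenLDAP code: a backend that copies the address of a growable controls array at init holds a stale pointer once a later registration moves the array, while a backend that resolves the array at time of use does not. All names (known_controls, register_control, backend_info, cached_at_init, controls_ref) and the OID strings in the test are hypothetical; the array grows by allocate-copy-free to model the case where realloc moves the block, and the stale address is only compared as an integer, never dereferenced.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for slap_known_controls: NULL-terminated, growable. */
static const char **known_controls;
static size_t n_controls;

/* Grow by allocate-copy-free: realloc's worst case, the block always moves. */
static int register_control(const char *oid)
{
    const char **grown = malloc((n_controls + 2) * sizeof(*grown));
    if (grown == NULL)
        return -1;
    if (n_controls)
        memcpy(grown, known_controls, n_controls * sizeof(*grown));
    grown[n_controls++] = oid;
    grown[n_controls] = NULL;
    free(known_controls);          /* every saved copy of the old address dies here */
    known_controls = grown;
    return 0;
}

struct backend_info {
    uintptr_t cached_at_init;      /* address copied at init: the unsafe pattern */
    const char ***controls_ref;    /* indirection, resolved at time of use */
};

static void backend_init(struct backend_info *bi)
{
    bi->cached_at_init = (uintptr_t)known_controls;
    bi->controls_ref = &known_controls;
}

/* Returns 1 if the address saved at init no longer names the live array. */
static int cached_pointer_is_stale(const struct backend_info *bi)
{
    return bi->cached_at_init != (uintptr_t)known_controls;
}

/* Startup-time walk through the live array, never through the init copy. */
static size_t count_controls(const struct backend_info *bi)
{
    size_t n = 0;
    for (const char **c = *bi->controls_ref; c && *c; c++)
        n++;
    return n;
}
```

Registering a control between backend_init and the startup-time walk corresponds to a module loaded after backend initialization, the sequence the report describes.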