
(ITS#5461) rs->sr_tag/sr_msgid uninitialized at abandon

Full_Name: Hallvard B Furuseth
Version: HEAD, RE23, RE24
Submission from: (NULL) (
Submitted by: hallvard

slap_send_ldap_result() does not initialize rs->sr_tag and
rs->sr_msgid if rs->sr_err == SLAPD_ABANDON || op->o_abandon.

It does call send_ldap_response() which calls slap_cleanup_play().
Some cleanup handlers dispatch on rs->sr_tag.

If this is deliberate, it's a design bug: any cleanup callbacks
that depend on these fields suffer at least a race condition, since o_abandon
could get set just after slap_send_ldap_result() checks for abandon.
The code is from slapd/result.c rev 1.252.

The fix should be to first check that the cleanup callbacks handle
abandon properly, then always initialize these SlapResponse fields.
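Added illustration, not OpenLDAP's code: a constructed C model of the ordering described above. The struct layouts, tag values and the cleanup handler are assumptions that stand in for SlapReply and slap_cleanup_play(); only the two orderings of "initialize fields" versus "check abandon" mirror the report.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the slapd structures named in the report. */
#define MODEL_SLAPD_ABANDON (-1)   /* placeholder for SLAPD_ABANDON */
#define MODEL_TAG_UNSET     0      /* what a never-initialized sr_tag looks like here */
#define MODEL_RES_BIND      0x61   /* sample LDAP result tags (constructed) */
#define MODEL_RES_SEARCH    0x65

typedef struct { int o_abandon; int o_msgid; int o_tag; } model_op;
typedef struct { int sr_err; int sr_tag; int sr_msgid; } model_reply;

/* Cleanup handler that dispatches on rs->sr_tag, as the report says some do.
 * Returns which cleanup path ran; -1 means the tag was unusable. */
static int model_cleanup_play(const model_reply *rs) {
    switch (rs->sr_tag) {
    case MODEL_RES_SEARCH: return 1;   /* e.g. release per-search state */
    case MODEL_RES_BIND:   return 2;   /* e.g. bind-specific cleanup */
    case MODEL_TAG_UNSET:  return -1;  /* nothing sensible to dispatch on */
    default:               return 0;
    }
}

/* Ordering the report complains about: the abandon check comes first,
 * so on that path sr_tag/sr_msgid keep whatever the caller left in them. */
static int send_result_buggy(const model_op *op, model_reply *rs) {
    if (rs->sr_err == MODEL_SLAPD_ABANDON || op->o_abandon)
        return model_cleanup_play(rs);      /* fields never set */
    rs->sr_tag = op->o_tag;
    rs->sr_msgid = op->o_msgid;
    return model_cleanup_play(rs);
}

/* Fix the report suggests: set the fields unconditionally before any path
 * can reach the cleanup handlers. o_abandon flipping after the check no
 * longer matters, because the handlers see a valid tag either way. */
static int send_result_fixed(const model_op *op, model_reply *rs) {
    rs->sr_tag = op->o_tag;
    rs->sr_msgid = op->o_msgid;
    if (rs->sr_err == MODEL_SLAPD_ABANDON || op->o_abandon)
        return model_cleanup_play(rs);
    /* normal response encoding would happen here */
    return model_cleanup_play(rs);
}
```

With an abandoned search, the buggy ordering hands the cleanup handler an unset tag while the fixed ordering dispatches on the search tag as intended.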