(ITS#5461) rs->sr_tag/sr_msgid uninitialized at abandon
Full_Name: Hallvard B Furuseth
Version: HEAD, RE23, RE24
Submission from: (NULL) (220.127.116.11)
Submitted by: hallvard
slap_send_ldap_result() does not initialize rs->sr_tag and
rs->sr_msgid if rs->sr_err == SLAPD_ABANDON || op->o_abandon.
It does call send_ldap_response() which calls slap_cleanup_play().
Some cleanup handlers dispatch on rs->sr_tag.
If this is deliberate, it's a design bug: Any cleanup callbacks
that depend on this suffer at least a race condition, since o_abandon
could get set just after slap_send_ldap_result checks for abandon.
The code is from slapd/result.c rev 1.252.
The fix should be to first check that the cleanup callbacks handle
abandon properly, then always initialize these SlapResponse fields.
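
Added example, not part of the original report and not OpenLDAP source: a reduced C model of the pattern described above, where a cleanup handler dispatches on a tag that the send path skipped on abandon. All struct, function and constant names are hypothetical, only the o_abandon half of the condition is modelled, and the stale BIND tag is a constructed stand-in for the uninitialized value.

```c
#include <stdio.h>

/* Reduced model of the report; NOT OpenLDAP source. All names and values
 * are hypothetical stand-ins for rs->sr_tag, rs->sr_msgid and o_abandon. */
enum { TAG_NONE = 0, TAG_BIND = 1, TAG_SEARCH = 2 };

struct response  { int tag; int msgid; };
struct operation { int tag; int msgid; int abandon; int cleaned_tag; };

/* Cleanup handler that dispatches on the response tag. */
static void cleanup(struct operation *op, const struct response *rs)
{
    switch (rs->tag) {
    case TAG_BIND:   op->cleaned_tag = TAG_BIND;   break;
    case TAG_SEARCH: op->cleaned_tag = TAG_SEARCH; break;
    default:         op->cleaned_tag = TAG_NONE;   break;
    }
}

/* always_init == 0: reported pattern, fields are set only when the op is
 * not abandoned. always_init == 1: fields are set unconditionally.
 * Cleanup runs in both cases. */
static void send_result(struct operation *op, struct response *rs, int always_init)
{
    if (always_init || !op->abandon) {
        rs->tag = op->tag;
        rs->msgid = op->msgid;
    }
    cleanup(op, rs);
}

/* Abandoned search whose response holds constructed stale contents (a BIND
 * tag, msgid 3) standing in for uninitialized memory. Returns the tag the
 * cleanup handler dispatched on. */
int run_abandoned_search(int always_init)
{
    struct operation op = { TAG_SEARCH, 7, 1, TAG_NONE };
    struct response rs = { TAG_BIND, 3 };
    send_result(&op, &rs, always_init);
    return op.cleaned_tag;
}

int main(void)
{
    printf("reported: %d, always-init: %d\n",
           run_abandoned_search(0), run_abandoned_search(1));
    return 0;
}
```

With the reported pattern the abandoned search is cleaned up as a bind; with unconditional initialization the handler sees the search tag.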