[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6054) back-bdb indexing routines do not check for slap_sl_malloc() failure, leading to segfaults

jwm@horde.net wrote:
> Full_Name: John Morrissey
> Version: 2.4.16
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:4978:194:0:21f:5bff:fee9:da92)

> Looking back through the call chain, do_syncrepl() sets op->o_tmpmemctx to
>      /* use global malloc for now */
>      op->o_tmpmemctx = NULL;
>      op->o_tmpmfuncs =&ch_mfuncs;

This should be removed.

> so generalizedTimeIndexer()'s call to slap_sl_malloc() falls back to
> ber_memalloc_x() due to the null ctx. If malloc() fails there, NULL is
> eventually returned to the original caller of slap_sl_malloc(), likely resulting
> in a segfault.

And slap_sl_malloc() should be changed in this case to assert() just like 
ch_malloc() does.

> All of the indexing routines seem to ignore slap_sl_malloc()'s return value,
> opening them up to this problem, too. Someone else will need to step in with a
> proper fix since I don't know much about slapd internals, but it seems that if
> these routines are being called with a deliberate null ctx, they should be
> checking for malloc failure. A cursory glance around back-bdb indicates that
> indexing function callers already handle failure return codes gracefully.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/