Re: (ITS#6054) back-bdb indexing routines do not check for slap_sl_malloc() failure, leading to segfaults
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6054) back-bdb indexing routines do not check for slap_sl_malloc() failure, leading to segfaults
- From: hyc@symas.com
- Date: Fri, 10 Apr 2009 16:54:59 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
jwm@horde.net wrote:
> Full_Name: John Morrissey
> Version: 2.4.16
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:4978:194:0:21f:5bff:fee9:da92)
>
> Looking back through the call chain, do_syncrepl() sets op->o_tmpmemctx to
> NULL:
>
> /* use global malloc for now */
> op->o_tmpmemctx = NULL;
> op->o_tmpmfuncs = &ch_mfuncs;

This should be removed.

> so generalizedTimeIndexer()'s call to slap_sl_malloc() falls back to
> ber_memalloc_x() due to the null ctx. If malloc() fails there, NULL is
> eventually returned to the original caller of slap_sl_malloc(), likely resulting
> in a segfault.

And slap_sl_malloc() should be changed in this case to assert() just like
ch_malloc() does.

> All of the indexing routines seem to ignore slap_sl_malloc()'s return value,
> opening them up to this problem, too. Someone else will need to step in with a
> proper fix since I don't know much about slapd internals, but it seems that if
> these routines are being called with a deliberate null ctx, they should be
> checking for malloc failure. A cursory glance around back-bdb indicates that
> indexing function callers already handle failure return codes gracefully.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
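
The failure mode discussed in this thread, as an added example that is not part of the original message and is not OpenLDAP code: a key-building routine that checks every allocation, releases what it has already built when one fails, and returns an error code instead of dereferencing NULL. All names here (demo_alloc, build_keys, IDX_NOMEM, fail_at) are hypothetical stand-ins, and the allocator's failure is injected so the error path can be exercised.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins; none of these names come from OpenLDAP. */
enum { IDX_OK = 0, IDX_NOMEM = -1 };

static int fail_at = -1;   /* fail the Nth allocation (0-based); -1 = never */
static int alloc_calls;    /* allocations attempted so far */
static int live_blocks;    /* blocks allocated and not yet freed */

/* Allocator that can return NULL, like the fallback path in the report. */
static void *demo_alloc(size_t n) {
    if (alloc_calls++ == fail_at) return NULL;   /* injected failure */
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}

static void demo_free(void *p) {
    if (p) { live_blocks--; free(p); }
}

/* Build one fixed-size key per input value. Every allocation is checked;
 * on failure, everything built so far is released and an error code is
 * returned for the caller to handle. */
int build_keys(const char *const *vals, size_t nvals, char ***out) {
    char **keys = demo_alloc((nvals + 1) * sizeof *keys);
    if (keys == NULL) return IDX_NOMEM;
    for (size_t i = 0; i < nvals; i++) {
        keys[i] = demo_alloc(16);
        if (keys[i] == NULL) {
            while (i > 0) demo_free(keys[--i]);  /* undo partial work */
            demo_free(keys);
            return IDX_NOMEM;
        }
        strncpy(keys[i], vals[i], 15);           /* truncate to key size */
        keys[i][15] = '\0';
    }
    keys[nvals] = NULL;                          /* NULL-terminated list */
    *out = keys;
    return IDX_OK;
}

void free_keys(char **keys) {
    for (size_t i = 0; keys[i] != NULL; i++) demo_free(keys[i]);
    demo_free(keys);
}
```
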