[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6381) connection_fake_init() from db_open() is unsafe

Full_Name: Howard Chu
Version: 2.4
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (
Submitted by: hyc

Originally the db_open() handlers only ran from slapd's main context, at startup
time before threading was active. But with back-config, backends and overlays
can be added at runtime and the db_open() handler then runs in a back-config
operation thread. If a db_open handler calls connection_fake_init() using its
current thread context, it will get the current sl_malloc memory context as
well, and reset it to zero. Any sl_mallocs called up to that point will be
forgotten and they'll be overwritten by subsequent calls in that thread.

We never saw any problems with this prior to ITS#6380, because the prior mallocs
tended to be higher up in the sl_malloc heap. So even though the heap was reset,
the new mallocs didn't collide with the old ones.

This is already fixed in HEAD: back-sql/init.c, back-monitor/init.c, and
overlays/{dds.c, pcache.c, syncprov.c}