
(ITS#6381) connection_fake_init() from db_open() is unsafe

Full_Name: Howard Chu
Version: 2.4
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (76.91.220.157)
Submitted by: hyc
Originally the db_open() handlers only ran from slapd's main context, at startup
time before threading was active. But with back-config, backends and overlays
can be added at runtime and the db_open() handler then runs in a back-config
operation thread. If a db_open handler calls connection_fake_init() using its
current thread context, it will get the current sl_malloc memory context as
well, and reset it to zero. Any sl_mallocs called up to that point will be
forgotten and they'll be overwritten by subsequent calls in that thread.

We never saw any problems with this prior to ITS#6380, because the prior mallocs
tended to be higher up in the sl_malloc heap. So even though the heap was reset,
the new mallocs didn't collide with the old ones.

This is already fixed in HEAD: back-sql/init.c, back-monitor/init.c, and
overlays/{dds.c, pcache.c, syncprov.c}
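The hazard described in the report, reduced to a toy model, as an added illustration that is not part of the ITS entry and not OpenLDAP code: a per-thread bump allocator stands in for the thread's sl_malloc context, `fake_init_unsafe()` plays the role of a db_open handler that calls connection_fake_init() on the caller's context and resets it, and `fake_init_safe()` initialises a private context instead. The `preceding` parameter places the earlier allocation higher up in the heap, which reproduces the "no collision observed" case from the report; all names and sizes here are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy bump allocator standing in for a thread's sl_malloc context
 * (constructed for illustration; not OpenLDAP's implementation). */
typedef struct {
    unsigned char buf[256];
    size_t used;
} toy_ctx;

static void toy_ctx_reset(toy_ctx *c) { c->used = 0; }

static void *toy_malloc(toy_ctx *c, size_t n) {
    n = (n + 7) & ~(size_t)7;            /* 8-byte alignment */
    if (c->used + n > sizeof c->buf) return NULL;
    void *p = c->buf + c->used;
    c->used += n;
    return p;
}

/* Unsafe pattern: the handler resets the context it was handed, so every
 * live allocation the calling thread already made is forgotten. */
static void fake_init_unsafe(toy_ctx *thread_ctx) {
    toy_ctx_reset(thread_ctx);
}

/* Safe pattern: set up a private context and leave the caller's alone. */
static void fake_init_safe(toy_ctx *private_ctx) {
    memset(private_ctx, 0, sizeof *private_ctx);
}

/* Simulate a config operation thread: allocate `preceding` bytes of earlier
 * data, then a live block, run the db_open stand-in, allocate again, and
 * return 1 if the later allocation overwrote the live block. */
static int simulate(int use_safe, size_t preceding) {
    toy_ctx thread_ctx = {{0}, 0};
    toy_ctx private_ctx;

    if (preceding) (void)toy_malloc(&thread_ctx, preceding);
    char *early = toy_malloc(&thread_ctx, 16);
    strcpy(early, "config-op-data");   /* 15 bytes incl. NUL */

    if (use_safe) fake_init_safe(&private_ctx);
    else          fake_init_unsafe(&thread_ctx);

    char *later = toy_malloc(&thread_ctx, 16);
    strcpy(later, "db_open-scratch"); /* 16 bytes incl. NUL */

    return strcmp(early, "config-op-data") != 0;
}

int main(void) {
    printf("unsafe, early block at heap base:  clobbered=%d\n", simulate(0, 0));
    printf("unsafe, early block higher in heap: clobbered=%d\n", simulate(0, 64));
    printf("safe (private context):             clobbered=%d\n", simulate(1, 0));
    return 0;
}
```

The three runs correspond to the three situations in the report: the reset-and-collide case, the pre-ITS#6380 case where earlier allocations sat higher in the heap and the reset went unnoticed, and the fix of not touching the calling thread's context.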