[Date Prev][Date Next]
Re: (ITS#5048) Suspicious use of 'unchecked' limit syncprov
Reopening this ITS...
Howard Chu writes:
>> Full_Name: Hallvard B Furuseth
>> overlays/syncprov.c:syncprov_findcsn() sets an unchecked limit to 1.
>> findcsn_cb() says
>> /* We just want to know that at least one exists, so it's OK if
>> * we exceed the unchecked limit or size limit.
>> This looks like it can return a false positive if two or more other
>> entries which the filter would eliminate have the same hash as the
>> value syncprov searches for.
> I don't believe this can cause any problem though. CSN indexing doesn't use a
> hash the way other indices do; the CSN timestamp is converted to binary form
> and saved as a 40 bit integer. Index collisions will only occur for multiple
> changes that occurred within the same 1-second interval.
Only if entryCSN is indexed, which is recommended but not required in
man slapo-syncprov. With un-indexed entryCSN it'll hit the unchecked
limit if there are two or more entries in scope for the search.
Also - another marginal case - findcsn_cb() assumes adminLimitExceeded
implies a size limit (.size or .unchecked). It could also mean a hard
time limit. After someone did ^Z on slapd while stepping through some
debugging, if nothing else.