[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6850) sssvlv can segfault when releasing multiple requests by conn



Full_Name: Raphael Ouazana
Version: HEAD
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.41.232.151)


Hi,

sssvlv support for multiple requests by conn (see ITS#6686) can segfault while
releasing some connections. Indeed, the request to release can be searched by
the ps_cookie. But as the ps_cookie is NULL at the end of the request (it points
to so_tree), the same request can be freed multiple times.

The following patch fix this issue and reinforce the rest of the code by using
so to search for the matching request where it is possible. Sorry, no FTP
upload, I get an error 425.
It fixes a little error in the man page too.

Index: doc/man/man5/slapo-sssvlv.5
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/doc/man/man5/slapo-sssvlv.5,v
retrieving revision 1.4
diff -u -r1.4 slapo-sssvlv.5
--- doc/man/man5/slapo-sssvlv.5	4 Jan 2011 23:42:55 -0000	1.4
+++ doc/man/man5/slapo-sssvlv.5	2 Mar 2011 16:40:57 -0000
@@ -17,8 +17,8 @@
 Since a complete result set must be generated in memory before sorting can
 be performed, processing sort requests can have a large impact on the
 server's memory use. As such, any connection is limited to having only
-one sort request active at a time. Additional limits may be configured
-as described below.
+a limited number of sorts requests active at a time. Additional limits may
+be configured as described below.
 
 .SH CONFIGURATION
 These
Index: servers/slapd/overlays/sssvlv.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays/sssvlv.c,v
retrieving revision 1.29
diff -u -r1.29 sssvlv.c
--- servers/slapd/overlays/sssvlv.c	4 Jan 2011 23:43:32 -0000	1.29
+++ servers/slapd/overlays/sssvlv.c	2 Mar 2011 16:40:58 -0000
@@ -342,6 +342,23 @@
 }
 
 /* Return the session id or -1 if unknown */
+static int find_session_by_so(
+	int svi_max_percon,
+	int conn_id,
+	sort_op *so )
+{
+	int sess_id;
+	if (so == NULL) {
+		return -1;
+	}
+	for (sess_id = 0; sess_id < svi_max_percon; sess_id++) {
+		if ( sort_conns[conn_id] && sort_conns[conn_id][sess_id] == so )
+			return sess_id;
+	}
+	return -1;
+}
+
+/* Return the session id or -1 if unknown */
 static int find_session_by_context(
 	int svi_max_percon,
 	int conn_id,
@@ -379,14 +396,13 @@
 static void free_sort_op( Connection *conn, sort_op *so )
 {
 	int sess_id;
-	PagedResultsCookie ps_cookie = (PagedResultsCookie) so->so_tree;
 	if ( so->so_tree ) {
 		tavl_free( so->so_tree, ch_free );
 		so->so_tree = NULL;
 	}
 
 	ldap_pvt_thread_mutex_lock( &sort_conns_mutex );
-	sess_id = find_session_by_context( so->so_info->svi_max_percon,
conn->c_conn_idx, so->so_vcontext, ps_cookie );
+	sess_id = find_session_by_so( so->so_info->svi_max_percon, conn->c_conn_idx,
so );
 	sort_conns[conn->c_conn_idx][sess_id] = NULL;
 	so->so_info->svi_num--;
 	ldap_pvt_thread_mutex_unlock( &sort_conns_mutex );
@@ -492,7 +508,7 @@
 			sc->sc_nkeys * sizeof(struct berval), op->o_tmpmemctx );
 		sn->sn_vals = (struct berval *)(sn+1);
 		sn->sn_conn = op->o_conn->c_conn_idx;
-		sn->sn_session = find_session_by_context( so->so_info->svi_max_percon,
op->o_conn->c_conn_idx, vc->vc_context, NO_PS_COOKIE );
+		sn->sn_session = find_session_by_so( so->so_info->svi_max_percon,
op->o_conn->c_conn_idx, so );
 		sn->sn_vals[0] = bv;
 		for (i=1; i<sc->sc_nkeys; i++) {
 			BER_BVZERO( &sn->sn_vals[i] );
@@ -731,7 +747,7 @@
 		op->o_tmpfree( sn, op->o_tmpmemctx );
 		sn = sn2;
 		sn->sn_conn = op->o_conn->c_conn_idx;
-		sn->sn_session = find_session_by_context( so->so_info->svi_max_percon,
op->o_conn->c_conn_idx, so->so_vcontext, (PagedResultsCookie) so->so_tree );
+		sn->sn_session = find_session_by_so( so->so_info->svi_max_percon,
op->o_conn->c_conn_idx, so );
 
 		/* Insert into the AVL tree */
 		tavl_insert(&(so->so_tree), sn, node_insert, avl_dup_error);


Legal notice:
This patch file is derived from OpenLDAP Software. All of the
modifications to
OpenLDAP Software represented in this following patch were developed by
Raphael
Ouazana raphael.ouazana@linagora.com. These modifications are not subject to
any
license of Linagora.

The attached modifications to OpenLDAP Software are subject to the following
notice:
Copyright 2011 Raphael Ouazana, Linagora
Redistribution and use in source and binary forms, with or without
modification,
are permitted only as authorized by the OpenLDAP Public License.