[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6572) slapd crash caused by refint's cn=config modification

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6572) slapd crash caused by refint's cn=config modification
From: mbackes@symas.com
Date: Sun, 13 Jun 2010 04:10:49 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

--Apple-Mail-322--405209956
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

Here's a patch that fixes 6572.

* Switch to use BER_BVISNULL, BER_BVZERO, and ch_free instead
* Clean up Ozone's "breadcrumbs" while we're at it (unrelated but trivial)
* Should apply cleanly to RE24 and HEAD
* Older dyn-config refints (RE22, RE23) likely have the same problem

Matthew Backes
Symas Corporation
mbackes@symas.com


--Apple-Mail-322--405209956
Content-Disposition: attachment;
	filename=refint-patch-its-6572.txt
Content-Type: text/plain;
	name="refint-patch-its-6572.txt"
Content-Transfer-Encoding: 7bit

Index: refint.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays/refint.c,v
retrieving revision 1.46
diff -u -r1.46 refint.c
--- refint.c	13 Apr 2010 20:18:25 -0000	1.46
+++ refint.c	13 Jun 2010 04:02:09 -0000
@@ -76,7 +76,6 @@
 } refint_q;
 
 typedef struct refint_data_s {
-	const char *message;			/* breadcrumbs */
 	struct refint_attrs_s *attrs;	/* list of known attrs */
 	BerValue dn;				/* basedn in parent, */
 	BerValue nothing;			/* the nothing value, if needed */
@@ -210,21 +209,17 @@
 			rc = 0;
 			break;
 		case REFINT_NOTHING:
-			if ( dd->nothing.bv_val )
-				ber_memfree ( dd->nothing.bv_val );
-			if ( dd->nnothing.bv_val )
-				ber_memfree ( dd->nnothing.bv_val );
-			dd->nothing.bv_len = 0;
-			dd->nnothing.bv_len = 0;
+			ch_free( dd->nothing.bv_val );
+			ch_free( dd->nnothing.bv_val );
+			BER_BVZERO( &dd->nothing );
+			BER_BVZERO( &dd->nnothing );
 			rc = 0;
 			break;
 		case REFINT_MODIFIERSNAME:
-			if ( dd->refint_dn.bv_val )
-				ber_memfree ( dd->refint_dn.bv_val );
-			if ( dd->refint_ndn.bv_val )
-				ber_memfree ( dd->refint_ndn.bv_val );
-			dd->refint_dn.bv_len = 0;
-			dd->refint_ndn.bv_len = 0;
+			ch_free( dd->refint_dn.bv_val );
+			ch_free( dd->refint_ndn.bv_val );
+			BER_BVZERO( &dd->refint_dn );
+			BER_BVZERO( &dd->refint_ndn );
 			rc = 0;
 			break;
 		default:
@@ -256,22 +251,26 @@
 			}
 			break;
 		case REFINT_NOTHING:
-			if ( dd->nothing.bv_val )
-				ber_memfree ( dd->nothing.bv_val );
-			if ( dd->nnothing.bv_val )
-				ber_memfree ( dd->nnothing.bv_val );
-			dd->nothing = c->value_dn;
-			dd->nnothing = c->value_ndn;
-			rc = 0;
+			if ( !BER_BVISNULL( &c->value_ndn )) {
+				ch_free ( dd->nothing.bv_val );
+				ch_free ( dd->nnothing.bv_val );
+				dd->nothing = c->value_dn;
+				dd->nnothing = c->value_ndn;
+				rc = 0;
+			} else {
+				rc = ARG_BAD_CONF;
+			}
 			break;
 		case REFINT_MODIFIERSNAME:
-			if ( dd->refint_dn.bv_val )
-				ber_memfree ( dd->refint_dn.bv_val );
-			if ( dd->refint_ndn.bv_val )
-				ber_memfree ( dd->refint_ndn.bv_val );
-			dd->refint_dn = c->value_dn;
-			dd->refint_ndn = c->value_ndn;
-			rc = 0;
+			if ( !BER_BVISNULL( &c->value_ndn )) {
+				ch_free( &dd->refint_dn.bv_val );
+				ch_free( &dd->refint_ndn.bv_val );
+				dd->refint_dn = c->value_dn;
+				dd->refint_ndn = c->value_ndn;
+				rc = 0;
+			} else {
+				rc = ARG_BAD_CONF;
+			}
 			break;
 		default:
 			abort ();
@@ -299,7 +298,6 @@
 	slap_overinst *on = (slap_overinst *)be->bd_info;
 	refint_data *id = ch_calloc(1,sizeof(refint_data));
 
-	id->message = "_init";
 	on->on_bi.bi_private = id;
 	ldap_pvt_thread_mutex_init( &id->qmutex );
 	return(0);
@@ -335,7 +333,6 @@
 {
 	slap_overinst *on	= (slap_overinst *)be->bd_info;
 	refint_data *id	= on->on_bi.bi_private;
-	id->message		= "_open";
 
 	if ( BER_BVISNULL( &id->dn )) {
 		if ( BER_BVISNULL( &be->be_nsuffix[0] ))
@@ -354,7 +351,6 @@
 ** foreach configured attribute:
 **	free it;
 ** free our basedn;
-** (do not) free id->message;
 ** reset on_bi.bi_private;
 ** free our config data;
 **
@@ -369,7 +365,6 @@
 	slap_overinst *on	= (slap_overinst *) be->bd_info;
 	refint_data *id	= on->on_bi.bi_private;
 	refint_attrs *ii, *ij;
-	id->message		= "_close";
 
 	for(ii = id->attrs; ii; ii = ij) {
 		ij = ii->next;
@@ -870,8 +865,6 @@
 	BackendDB *db = NULL;
 	refint_attrs *ip;
 
-	id->message = "_refint_response";
-
 	/* If the main op failed or is not a Delete or ModRdn, ignore it */
 	if (( op->o_tag != LDAP_REQ_DELETE && op->o_tag != LDAP_REQ_MODRDN ) ||
 		rs->sr_err != LDAP_SUCCESS )

--Apple-Mail-322--405209956--

Prev by Date: (ITS#6572)
Next by Date: Re: (ITS#6572) slapd crash caused by refint's cn=config modification
Index(es):
- Chronological
- Thread