|
 |
dc8c34 |
From deb4426cae8be62cc7531862b0232fb818bb807b Mon Sep 17 00:00:00 2001
|
|
|
dc8c34 |
From: Rich Megginson <rmeggins@redhat.com>
|
|
|
dc8c34 |
Date: Fri, 23 Aug 2013 14:16:29 -0600
|
|
|
dc8c34 |
Subject: [PATCH 101/101] Bug 999634 - ns-slapd crash due to bogus DN
|
|
|
dc8c34 |
|
|
|
dc8c34 |
https://bugzilla.redhat.com/show_bug.cgi?id=999634
|
|
|
dc8c34 |
Reviewed by: ???
|
|
|
dc8c34 |
Branch: rhel-6.5
|
|
|
dc8c34 |
Fix Description: When the target DN is not a valid DN, the code will bypass
|
|
|
dc8c34 |
the initialization of unhashed_pw_smod, and attempt to call slapi_smods_done.
|
|
|
dc8c34 |
Depending on what memory is in the unhashed_pw_smod, if both mods and
|
|
|
dc8c34 |
free_mods are true, an attempt will be made to free mods or *mods and the
|
|
|
dc8c34 |
server will crash. It is tricky to find the right sequence of operations
|
|
|
dc8c34 |
that will write the stack in such a way that both unhashed_pw_smod.mods
|
|
|
dc8c34 |
and unhashed_pw_smod.free_mods are set.
|
|
|
dc8c34 |
The fix is to just get rid of unhashed_pw_smod which is not used.
|
|
|
dc8c34 |
I also check this code and other operation code for similar cases, but the
|
|
|
dc8c34 |
rest of the code is clean.
|
|
|
dc8c34 |
Platforms tested: RHEL6 x86_64
|
|
|
dc8c34 |
Flag Day: no
|
|
|
dc8c34 |
Doc impact: no
|
|
|
dc8c34 |
(cherry picked from commit a3d65ac00df871675896f587b0da2c24eab961bb)
|
|
|
dc8c34 |
---
|
|
|
dc8c34 |
ldap/servers/slapd/modify.c | 4 ----
|
|
|
dc8c34 |
1 file changed, 4 deletions(-)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
|
|
|
dc8c34 |
index da742da..5e52f26 100644
|
|
|
dc8c34 |
--- a/ldap/servers/slapd/modify.c
|
|
|
dc8c34 |
+++ b/ldap/servers/slapd/modify.c
|
|
|
dc8c34 |
@@ -642,7 +642,6 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
|
|
|
dc8c34 |
int passin_sdn = 0;
|
|
|
dc8c34 |
LDAPMod **mods, *pw_mod, **tmpmods = NULL;
|
|
|
dc8c34 |
Slapi_Mods smods;
|
|
|
dc8c34 |
- Slapi_Mods unhashed_pw_smod;
|
|
|
dc8c34 |
int repl_op, internal_op, lastmod, skip_modified_attrs;
|
|
|
dc8c34 |
char *unhashed_pw_attr = NULL;
|
|
|
dc8c34 |
Slapi_Operation *operation;
|
|
|
dc8c34 |
@@ -681,8 +680,6 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
slapi_mods_init_passin (&smods, mods);
|
|
|
dc8c34 |
|
|
|
dc8c34 |
- slapi_mods_init(&unhashed_pw_smod, 0);
|
|
|
dc8c34 |
-
|
|
|
dc8c34 |
/* target spec is used to decide which plugins are applicable for the operation */
|
|
|
dc8c34 |
operation_set_target_spec (pb->pb_op, sdn);
|
|
|
dc8c34 |
|
|
|
dc8c34 |
@@ -1008,7 +1005,6 @@ free_and_return:
|
|
|
dc8c34 |
if (be)
|
|
|
dc8c34 |
slapi_be_Unlock(be);
|
|
|
dc8c34 |
|
|
|
dc8c34 |
- slapi_mods_done(&unhashed_pw_smod); /* can finalize now */
|
|
|
dc8c34 |
if (unhashed_pw_attr)
|
|
|
dc8c34 |
slapi_ch_free ((void**)&unhashed_pw_attr);
|
|
|
dc8c34 |
|
|
|
dc8c34 |
--
|
|
|
dc8c34 |
1.8.1.4
|
|
|
dc8c34 |
|