|
 |
dc8c34 |
From efd8801c3702eb53c0b6753dcb57b6872abb218d Mon Sep 17 00:00:00 2001
|
|
|
dc8c34 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
dc8c34 |
Date: Tue, 30 Aug 2016 10:32:45 -0400
|
|
|
dc8c34 |
Subject: [PATCH 402/404] Ticket 48970 - Serverside sorting crashes the server
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Bug Description: When using a matching rule and server side sorting
|
|
|
dc8c34 |
the server does a double-free on the matching rule
|
|
|
dc8c34 |
keys which crashes the server.
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Fix Description: Set the pblock pointer to NULL after the keys are
|
|
|
dc8c34 |
freed. This prevents the double free.
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Also fixed some complier warnings/indentation.
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Valgrind: passed
|
|
|
dc8c34 |
|
|
|
dc8c34 |
https://fedorahosted.org/389/ticket/48970
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Reviewed by: nhosoi(Thanks!)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
(cherry picked from commit 43997fa8782ca93e20595ae10e303d85e5b765f4)
|
|
|
dc8c34 |
(cherry picked from commit dba6ff0c2fc12881179beaeb1d62c97c8d487c5b)
|
|
|
dc8c34 |
---
|
|
|
dc8c34 |
ldap/servers/plugins/collation/collate.c | 14 ++++----
|
|
|
dc8c34 |
ldap/servers/plugins/collation/orfilter.c | 55 ++++++++++++++++++-------------
|
|
|
dc8c34 |
ldap/servers/slapd/back-ldbm/sort.c | 12 +++----
|
|
|
dc8c34 |
3 files changed, 43 insertions(+), 38 deletions(-)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/plugins/collation/collate.c b/ldap/servers/plugins/collation/collate.c
|
|
|
dc8c34 |
index 2a73ee1..6d293f7 100644
|
|
|
dc8c34 |
--- a/ldap/servers/plugins/collation/collate.c
|
|
|
dc8c34 |
+++ b/ldap/servers/plugins/collation/collate.c
|
|
|
dc8c34 |
@@ -376,23 +376,23 @@ collation_index (indexer_t* ix, struct berval** bvec, struct berval** prefixes)
|
|
|
dc8c34 |
return keys;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
+/* The destructor function for a collation-based indexer. */
|
|
|
dc8c34 |
static void
|
|
|
dc8c34 |
collation_indexer_destroy (indexer_t* ix)
|
|
|
dc8c34 |
- /* The destructor function for a collation-based indexer. */
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
collation_indexer_t* etc = (collation_indexer_t*) ix->ix_etc;
|
|
|
dc8c34 |
if (etc->converter) {
|
|
|
dc8c34 |
- ucnv_close(etc->converter);
|
|
|
dc8c34 |
- etc->converter = NULL;
|
|
|
dc8c34 |
+ ucnv_close(etc->converter);
|
|
|
dc8c34 |
+ etc->converter = NULL;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
if (etc->collator) {
|
|
|
dc8c34 |
- ucol_close(etc->collator);
|
|
|
dc8c34 |
- etc->collator = NULL;
|
|
|
dc8c34 |
+ ucol_close(etc->collator);
|
|
|
dc8c34 |
+ etc->collator = NULL;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
if (etc->ix_keys != NULL) {
|
|
|
dc8c34 |
- ber_bvecfree (etc->ix_keys);
|
|
|
dc8c34 |
- etc->ix_keys = NULL;
|
|
|
dc8c34 |
+ ber_bvecfree (etc->ix_keys);
|
|
|
dc8c34 |
+ etc->ix_keys = NULL;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
slapi_ch_free((void**)&ix->ix_etc);
|
|
|
dc8c34 |
ix->ix_etc = NULL; /* just for hygiene */
|
|
|
dc8c34 |
diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c
|
|
|
dc8c34 |
index 2293baf..bf1ccf8 100644
|
|
|
dc8c34 |
--- a/ldap/servers/plugins/collation/orfilter.c
|
|
|
dc8c34 |
+++ b/ldap/servers/plugins/collation/orfilter.c
|
|
|
dc8c34 |
@@ -63,7 +63,7 @@ static void
|
|
|
dc8c34 |
indexer_free (indexer_t* ix)
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
if (ix->ix_destroy != NULL) {
|
|
|
dc8c34 |
- ix->ix_destroy (ix);
|
|
|
dc8c34 |
+ ix->ix_destroy (ix);
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
slapi_ch_free((void**)&ix;;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
@@ -250,23 +250,28 @@ op_filter_match (or_filter_t* or, struct berval** vals)
|
|
|
dc8c34 |
auto indexer_t* ix = or->or_indexer;
|
|
|
dc8c34 |
auto struct berval** v = ix->ix_index (ix, vals, NULL);
|
|
|
dc8c34 |
if (v != NULL) for (; *v; ++v) {
|
|
|
dc8c34 |
- auto struct berval** k = or->or_match_keys;
|
|
|
dc8c34 |
- if (k != NULL) for (; *k; ++k) {
|
|
|
dc8c34 |
- switch (or->or_op) {
|
|
|
dc8c34 |
- case SLAPI_OP_LESS:
|
|
|
dc8c34 |
- if (slapi_berval_cmp (*v, *k) < 0) return 0; break;
|
|
|
dc8c34 |
- case SLAPI_OP_LESS_OR_EQUAL:
|
|
|
dc8c34 |
- if (slapi_berval_cmp (*v, *k) <= 0) return 0; break;
|
|
|
dc8c34 |
- case SLAPI_OP_EQUAL:
|
|
|
dc8c34 |
- if (SLAPI_BERVAL_EQ (*v, *k)) return 0; break;
|
|
|
dc8c34 |
- case SLAPI_OP_GREATER_OR_EQUAL:
|
|
|
dc8c34 |
- if (slapi_berval_cmp (*v, *k) >= 0) return 0; break;
|
|
|
dc8c34 |
- case SLAPI_OP_GREATER:
|
|
|
dc8c34 |
- if (slapi_berval_cmp (*v, *k) > 0) return 0; break;
|
|
|
dc8c34 |
- default:
|
|
|
dc8c34 |
- break;
|
|
|
dc8c34 |
- }
|
|
|
dc8c34 |
- }
|
|
|
dc8c34 |
+ auto struct berval** k = or->or_match_keys;
|
|
|
dc8c34 |
+ if (k != NULL) for (; *k; ++k) {
|
|
|
dc8c34 |
+ switch (or->or_op) {
|
|
|
dc8c34 |
+ case SLAPI_OP_LESS:
|
|
|
dc8c34 |
+ if (slapi_berval_cmp (*v, *k) < 0) return 0;
|
|
|
dc8c34 |
+ break;
|
|
|
dc8c34 |
+ case SLAPI_OP_LESS_OR_EQUAL:
|
|
|
dc8c34 |
+ if (slapi_berval_cmp (*v, *k) <= 0) return 0;
|
|
|
dc8c34 |
+ break;
|
|
|
dc8c34 |
+ case SLAPI_OP_EQUAL:
|
|
|
dc8c34 |
+ if (SLAPI_BERVAL_EQ (*v, *k)) return 0;
|
|
|
dc8c34 |
+ break;
|
|
|
dc8c34 |
+ case SLAPI_OP_GREATER_OR_EQUAL:
|
|
|
dc8c34 |
+ if (slapi_berval_cmp (*v, *k) >= 0) return 0;
|
|
|
dc8c34 |
+ break;
|
|
|
dc8c34 |
+ case SLAPI_OP_GREATER:
|
|
|
dc8c34 |
+ if (slapi_berval_cmp (*v, *k) > 0) return 0;
|
|
|
dc8c34 |
+ break;
|
|
|
dc8c34 |
+ default:
|
|
|
dc8c34 |
+ break;
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
return -1;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
@@ -599,7 +604,9 @@ op_indexer_destroy (Slapi_PBlock* pb)
|
|
|
dc8c34 |
auto indexer_t* ix = op_indexer_get (pb);
|
|
|
dc8c34 |
LDAPDebug (LDAP_DEBUG_FILTER, "op_indexer_destroy(%p)\n", (void*)ix, 0, 0);
|
|
|
dc8c34 |
if (ix != NULL) {
|
|
|
dc8c34 |
- indexer_free (ix);
|
|
|
dc8c34 |
+ indexer_free (ix);
|
|
|
dc8c34 |
+ /* The keys were freed, but we need to reset the pblock pointer */
|
|
|
dc8c34 |
+ slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL);
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
return 0;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
@@ -652,10 +659,10 @@ typedef struct ss_indexer_t {
|
|
|
dc8c34 |
static void
|
|
|
dc8c34 |
ss_indexer_free (ss_indexer_t* ss)
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
- slapi_ch_free((void**)&ss->ss_oid);
|
|
|
dc8c34 |
+ slapi_ch_free_string(&ss->ss_oid);
|
|
|
dc8c34 |
if (ss->ss_indexer != NULL) {
|
|
|
dc8c34 |
- indexer_free (ss->ss_indexer);
|
|
|
dc8c34 |
- ss->ss_indexer = NULL;
|
|
|
dc8c34 |
+ indexer_free (ss->ss_indexer);
|
|
|
dc8c34 |
+ ss->ss_indexer = NULL;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
slapi_ch_free((void**)&ss);
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
@@ -676,7 +683,9 @@ ss_indexer_destroy (Slapi_PBlock* pb)
|
|
|
dc8c34 |
auto ss_indexer_t* ss = ss_indexer_get (pb);
|
|
|
dc8c34 |
LDAPDebug (LDAP_DEBUG_FILTER, "ss_indexer_destroy(%p)\n", (void*)ss, 0, 0);
|
|
|
dc8c34 |
if (ss) {
|
|
|
dc8c34 |
- ss_indexer_free (ss);
|
|
|
dc8c34 |
+ ss_indexer_free(ss);
|
|
|
dc8c34 |
+ /* The keys were freed, but we need to reset the pblock pointer */
|
|
|
dc8c34 |
+ slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL);
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/slapd/back-ldbm/sort.c b/ldap/servers/slapd/back-ldbm/sort.c
|
|
|
dc8c34 |
index 4164147..004b45c 100644
|
|
|
dc8c34 |
--- a/ldap/servers/slapd/back-ldbm/sort.c
|
|
|
dc8c34 |
+++ b/ldap/servers/slapd/back-ldbm/sort.c
|
|
|
dc8c34 |
@@ -61,15 +61,11 @@ static int print_out_sort_spec(char* buffer,sort_spec *s,int *size);
|
|
|
dc8c34 |
|
|
|
dc8c34 |
static void sort_spec_thing_free(sort_spec_thing *s)
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
- if (NULL != s->type) {
|
|
|
dc8c34 |
- slapi_ch_free((void **)&s->type);
|
|
|
dc8c34 |
- }
|
|
|
dc8c34 |
- if (NULL != s->matchrule) {
|
|
|
dc8c34 |
- slapi_ch_free( (void**)&s->matchrule);
|
|
|
dc8c34 |
- }
|
|
|
dc8c34 |
+ slapi_ch_free_string(&s->type);
|
|
|
dc8c34 |
+ slapi_ch_free_string(&s->matchrule);
|
|
|
dc8c34 |
if (NULL != s->mr_pb) {
|
|
|
dc8c34 |
destroy_matchrule_indexer(s->mr_pb);
|
|
|
dc8c34 |
- slapi_pblock_destroy (s->mr_pb);
|
|
|
dc8c34 |
+ slapi_pblock_destroy (s->mr_pb);
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
attr_done(&s->sattr);
|
|
|
dc8c34 |
slapi_ch_free( (void**)&s);
|
|
|
dc8c34 |
@@ -145,7 +141,7 @@ void sort_log_access(Slapi_PBlock *pb,sort_spec_thing *s,IDList *candidates)
|
|
|
dc8c34 |
/* Now output it */
|
|
|
dc8c34 |
ldbm_log_access_message(pb,buffer);
|
|
|
dc8c34 |
if (buffer != stack_buffer) {
|
|
|
dc8c34 |
- slapi_ch_free( (void**)&buffer);
|
|
|
dc8c34 |
+ slapi_ch_free_string(&buffer);
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
--
|
|
|
dc8c34 |
2.4.11
|
|
|
dc8c34 |
|