andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
22b3c5
From c78a8d4159ff2620f5eeaed219287851d056d329 Mon Sep 17 00:00:00 2001
22b3c5
From: tbordaz <tbordaz@redhat.com>
22b3c5
Date: Thu, 10 Jun 2021 15:03:27 +0200
22b3c5
Subject: [PATCH] Issue 4797 - ACL IP ADDRESS evaluation may corrupt
22b3c5
 c_isreplication_session connection flags (#4799)
22b3c5
22b3c5
Bug description:
22b3c5
	The fix for ticket #3764 was broken with a missing break in a
22b3c5
	switch. The consequence is that while setting the client IP
22b3c5
	address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the
22b3c5
	connection is erroneously set as replication connection.
22b3c5
        This can lead to crash or failure of testcase
22b3c5
        test_access_from_certain_network_only_ip.
22b3c5
        This bug was quite hidden until the fix for #4764 is
22b3c5
        showing it more frequently
22b3c5
22b3c5
Fix description:
22b3c5
	Add the missing break
22b3c5
22b3c5
relates: https://github.com/389ds/389-ds-base/issues/4797
22b3c5
22b3c5
Reviewed by: Mark Reynolds
22b3c5
22b3c5
Platforms tested: F33
22b3c5
---
22b3c5
 ldap/servers/slapd/pblock.c | 3 ++-
22b3c5
 1 file changed, 2 insertions(+), 1 deletion(-)
22b3c5
22b3c5
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
22b3c5
index d21cf7e76..47d802219 100644
22b3c5
--- a/ldap/servers/slapd/pblock.c
22b3c5
+++ b/ldap/servers/slapd/pblock.c
22b3c5
@@ -2579,7 +2579,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value)
22b3c5
         pblock->pb_conn->c_authtype = slapi_ch_strdup((char *)value);
22b3c5
         PR_ExitMonitor(pblock->pb_conn->c_mutex);
22b3c5
         break;
22b3c5
-	case SLAPI_CONN_CLIENTNETADDR_ACLIP:
22b3c5
+    case SLAPI_CONN_CLIENTNETADDR_ACLIP:
22b3c5
         if (pblock->pb_conn == NULL) {
22b3c5
             break;
22b3c5
         }
22b3c5
@@ -2587,6 +2587,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value)
22b3c5
         slapi_ch_free((void **)&pblock->pb_conn->cin_addr_aclip);
22b3c5
         pblock->pb_conn->cin_addr_aclip = (PRNetAddr *)value;
22b3c5
         PR_ExitMonitor(pblock->pb_conn->c_mutex);
22b3c5
+        break;
22b3c5
     case SLAPI_CONN_IS_REPLICATION_SESSION:
22b3c5
         if (pblock->pb_conn == NULL) {
22b3c5
             slapi_log_err(SLAPI_LOG_ERR,
22b3c5
-- 
22b3c5
2.31.1
22b3c5