andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0065-Ticket-49291-slapi_search_internal_callback_pb-may-S.patch

b69e47
From 28529671057c95327a35c326ee99fcafccad9de9 Mon Sep 17 00:00:00 2001
b69e47
From: Thierry Bordaz <tbordaz@redhat.com>
b69e47
Date: Wed, 14 Jun 2017 18:36:55 +0200
b69e47
Subject: [PATCH] Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV
b69e47
 if related pblock has not operation set
b69e47
b69e47
Bug Description:
b69e47
    if slapi_search_internal_set_pb is called with an invalid (NULL) base, the pblock should not
b69e47
    be used to call send_ldap_result. If it is, the send_ldap_result trying to derefence the
b69e47
    operation pointer will crash
b69e47
b69e47
Fix Description:
b69e47
    Check that the operation is set before derefencing it
b69e47
b69e47
https://pagure.io/389-ds-base/issue/49291
b69e47
b69e47
Reviewed by: Mark Reynolds
b69e47
b69e47
Platforms tested: F23
b69e47
b69e47
Flag Day: no
b69e47
b69e47
Doc impact: no
b69e47
---
b69e47
 ldap/servers/slapd/result.c | 5 +++++
b69e47
 1 file changed, 5 insertions(+)
b69e47
b69e47
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
b69e47
index 56257c3..f3016ca 100644
b69e47
--- a/ldap/servers/slapd/result.c
b69e47
+++ b/ldap/servers/slapd/result.c
b69e47
@@ -350,6 +350,11 @@ send_ldap_result_ext(
b69e47
 	slapi_pblock_get (pb, SLAPI_BIND_METHOD, &bind_method);
b69e47
 	slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
b69e47
 
b69e47
+	if (operation == NULL) {
b69e47
+		slapi_log_err(SLAPI_LOG_ERR, "send_ldap_result_ext", "No operation found: slapi_search_internal_set_pb was incomplete (invalid 'base' ?)\n");
b69e47
+		return;
b69e47
+	}
b69e47
+
b69e47
 	if (operation->o_status == SLAPI_OP_STATUS_RESULT_SENT) {
b69e47
 		return; /* result already sent */
b69e47
 	}
b69e47
-- 
b69e47
2.9.5
b69e47