From 05b66529117d1cd85a636ab7d8fc84abdec814de Mon Sep 17 00:00:00 2001

From: William Brown <william@blackhats.net.au>

Date: Thu, 12 Nov 2020 13:04:21 +1000

Subject: [PATCH] Issue 4428 - BUG Paged Results with critical false causes

 sigsegv in chaining

Bug Description: When a paged search through chaining backend is

received with a false criticality (such as SSSD), chaining backend

will sigsegv due to a null context.

Fix Description: When a NULL ctx is recieved to be freed, this is

as paged results have finished being sent, so we check the NULL

ctx and move on.

fixes: #4428

Author: William Brown <william@blackhats.net.au>

Review by: @droideck, @mreynolds389

---

 ldap/servers/plugins/chainingdb/cb_search.c | 6 ++++++

 ldap/servers/plugins/chainingdb/cb_utils.c  | 4 ++++

 2 files changed, 10 insertions(+)

diff --git a/ldap/servers/plugins/chainingdb/cb_search.c b/ldap/servers/plugins/chainingdb/cb_search.c

index 69d23a6b5..d47cbc8e4 100644

--- a/ldap/servers/plugins/chainingdb/cb_search.c

+++ b/ldap/servers/plugins/chainingdb/cb_search.c

@@ -740,6 +740,12 @@ chaining_back_search_results_release(void **sr)

     slapi_log_err(SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,

                   "chaining_back_search_results_release\n");

+    if (ctx == NULL) {

+        /* The paged search is already complete, just return */

+        /* Could we have a ctx state flag instead? */

+        return;

+    }

+

     if (ctx->readahead != ctx->tobefreed) {

         slapi_entry_free(ctx->readahead);

     }

diff --git a/ldap/servers/plugins/chainingdb/cb_utils.c b/ldap/servers/plugins/chainingdb/cb_utils.c

index dfd5dd92c..d52fd25a6 100644

--- a/ldap/servers/plugins/chainingdb/cb_utils.c

+++ b/ldap/servers/plugins/chainingdb/cb_utils.c

@@ -279,7 +279,11 @@ cb_add_suffix(cb_backend_instance *inst, struct berval **bvals, int apply_mod, c

     return LDAP_SUCCESS;

 }

+#ifdef DEBUG

+static int debug_on = 1;

+#else

 static int debug_on = 0;

+#endif

 int

 cb_debug_on()

-- 

2.26.2