|
 |
ed9856 |
From ffeb863e47ab35cbb2e5666847561451d0394ed9 Mon Sep 17 00:00:00 2001
|
|
|
ed9856 |
From: tbordaz <tbordaz@redhat.com>
|
|
|
ed9856 |
Date: Mon, 11 Jan 2021 17:33:06 +0100
|
|
|
ed9856 |
Subject: [PATCH] Issue 4521 - DS crash in deref plugin if dereferenced entry
|
|
|
ed9856 |
exists but is not returned by internal search (#4525)
|
|
|
ed9856 |
|
|
|
ed9856 |
Bug description:
|
|
|
ed9856 |
For each returned entry, deref plugin dereferences some attribute values that refer to entries.
|
|
|
ed9856 |
To do this it does an internal search (scope base) with each attribute values.
|
|
|
ed9856 |
Deref plugin assumes that if internal search succeeds, a single entry is returned.
|
|
|
ed9856 |
It exists cases (not identified) where internal search succeeds but returns no entry.
|
|
|
ed9856 |
In such case (search succeeds but no entry returned) the server crash.
|
|
|
ed9856 |
Note: wonder if DB deadlock could lead to such situation.
|
|
|
ed9856 |
|
|
|
ed9856 |
Fix description:
|
|
|
ed9856 |
Make a hardening fix that logs warning in such case
|
|
|
ed9856 |
|
|
|
ed9856 |
relates: https://github.com/389ds/389-ds-base/issues/4521
|
|
|
ed9856 |
|
|
|
ed9856 |
Reviewed by: Mark Reynolds (thanks)
|
|
|
ed9856 |
|
|
|
ed9856 |
Platforms tested: F31
|
|
|
ed9856 |
---
|
|
|
ed9856 |
ldap/servers/plugins/deref/deref.c | 15 +++++++++++++++
|
|
|
ed9856 |
1 file changed, 15 insertions(+)
|
|
|
ed9856 |
|
|
|
ed9856 |
diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
|
|
|
ed9856 |
index ec1884ba3..fc1c10f71 100644
|
|
|
ed9856 |
--- a/ldap/servers/plugins/deref/deref.c
|
|
|
ed9856 |
+++ b/ldap/servers/plugins/deref/deref.c
|
|
|
ed9856 |
@@ -592,6 +592,21 @@ deref_do_deref_attr(Slapi_PBlock *pb, BerElement *ctrlber, const char *derefdn,
|
|
|
ed9856 |
slapi_log_err(SLAPI_LOG_PLUGIN, DEREF_PLUGIN_SUBSYSTEM,
|
|
|
ed9856 |
"deref_do_deref_attr - More than one entry matching DN [%s]\n",
|
|
|
ed9856 |
derefdn);
|
|
|
ed9856 |
+ } else if (entries[0] == NULL) {
|
|
|
ed9856 |
+ int32_t op_id;
|
|
|
ed9856 |
+ uint64_t conn_id;
|
|
|
ed9856 |
+
|
|
|
ed9856 |
+ slapi_pblock_get(pb, SLAPI_OPERATION_ID, &op_id);
|
|
|
ed9856 |
+ slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id);
|
|
|
ed9856 |
+ /* Weird case not clearly understood:
|
|
|
ed9856 |
+ * the entry 'derefdn' exists (else we would have NOT_SUCH_ENTRY in 'rc')
|
|
|
ed9856 |
+ * but it is not returned by the internal search. Note that internal search
|
|
|
ed9856 |
+ * returns tombstone or subentry.
|
|
|
ed9856 |
+ * Just to prevent a crash, catch this error condition and log a warning
|
|
|
ed9856 |
+ */
|
|
|
ed9856 |
+ slapi_log_err(SLAPI_LOG_WARNING, DEREF_PLUGIN_SUBSYSTEM,
|
|
|
ed9856 |
+ "deref_do_deref_attr - conn=%" PRIu64 " op=%d - failed to retrieve the entry [%s], although the entry exists\n",
|
|
|
ed9856 |
+ conn_id, op_id, derefdn);
|
|
|
ed9856 |
} else {
|
|
|
ed9856 |
int ii;
|
|
|
ed9856 |
int needattrvals = 1; /* need attrvals sequence? */
|
|
|
ed9856 |
--
|
|
|
ed9856 |
2.26.2
|
|
|
ed9856 |
|