|
|
3280a9 |
From 1386b140d8cc81d37fdea6593487fe542587ccac Mon Sep 17 00:00:00 2001
|
|
|
3280a9 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
3280a9 |
Date: Wed, 9 Dec 2020 09:52:08 -0500
|
|
|
3280a9 |
Subject: [PATCH] Issue 4483 - heap-use-after-free in slapi_be_getsuffix
|
|
|
3280a9 |
|
|
|
3280a9 |
Description: heap-use-after-free in slapi_be_getsuffix after disk
|
|
|
3280a9 |
monitoring runs. This feature is freeing a list of
|
|
|
3280a9 |
backends which it does not need to do.
|
|
|
3280a9 |
|
|
|
3280a9 |
Fixes: https://github.com/389ds/389-ds-base/issues/4483
|
|
|
3280a9 |
|
|
|
3280a9 |
Reviewed by: firstyear & tbordaz(Thanks!!)
|
|
|
3280a9 |
---
|
|
|
3280a9 |
ldap/servers/slapd/daemon.c | 13 +------------
|
|
|
3280a9 |
1 file changed, 1 insertion(+), 12 deletions(-)
|
|
|
3280a9 |
|
|
|
3280a9 |
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
|
|
|
3280a9 |
index 49199e4df..691f77570 100644
|
|
|
3280a9 |
--- a/ldap/servers/slapd/daemon.c
|
|
|
3280a9 |
+++ b/ldap/servers/slapd/daemon.c
|
|
|
3280a9 |
@@ -606,12 +606,6 @@ disk_monitoring_thread(void *nothing __attribute__((unused)))
|
|
|
3280a9 |
now = start;
|
|
|
3280a9 |
while ((now - start) < grace_period) {
|
|
|
3280a9 |
if (g_get_shutdown()) {
|
|
|
3280a9 |
- be_index = 0;
|
|
|
3280a9 |
- if (be_list[be_index] != NULL) {
|
|
|
3280a9 |
- while ((be = be_list[be_index++])) {
|
|
|
3280a9 |
- slapi_be_free(&be);
|
|
|
3280a9 |
- }
|
|
|
3280a9 |
- }
|
|
|
3280a9 |
slapi_ch_array_free(dirs);
|
|
|
3280a9 |
dirs = NULL;
|
|
|
3280a9 |
return;
|
|
|
3280a9 |
@@ -706,12 +700,7 @@ disk_monitoring_thread(void *nothing __attribute__((unused)))
|
|
|
3280a9 |
}
|
|
|
3280a9 |
}
|
|
|
3280a9 |
}
|
|
|
3280a9 |
- be_index = 0;
|
|
|
3280a9 |
- if (be_list[be_index] != NULL) {
|
|
|
3280a9 |
- while ((be = be_list[be_index++])) {
|
|
|
3280a9 |
- slapi_be_free(&be);
|
|
|
3280a9 |
- }
|
|
|
3280a9 |
- }
|
|
|
3280a9 |
+
|
|
|
3280a9 |
slapi_ch_array_free(dirs);
|
|
|
3280a9 |
dirs = NULL; /* now it is not needed but the code may be changed in the future and it'd better be more robust */
|
|
|
3280a9 |
g_set_shutdown(SLAPI_SHUTDOWN_DISKFULL);
|
|
|
3280a9 |
--
|
|
|
3280a9 |
2.26.2
|
|
|
3280a9 |
|