|
|
26b369 |
From 14e3bea927c33a97ca8aed937b6edd9ce4557d24 Mon Sep 17 00:00:00 2001
|
|
|
26b369 |
From: Thierry Bordaz <tbordaz@redhat.com>
|
|
|
26b369 |
Date: Fri, 3 Apr 2020 15:23:10 +0200
|
|
|
26b369 |
Subject: [PATCH] Ticket 50905 - intermittent SSL hang with rhds
|
|
|
26b369 |
|
|
|
26b369 |
Bug Description:
|
|
|
26b369 |
On a successfull sasl bind, a new IO layer (sasl_io_enable) is registered on top of
|
|
|
26b369 |
the connection. Then sasl bind sends the successful result. Registration is
|
|
|
26b369 |
done while sasl bind thread holds c_mutex but result is sent while the c_mutex
|
|
|
26b369 |
is released.
|
|
|
26b369 |
|
|
|
26b369 |
If a new operation comes in just after c_mutex was released it is
|
|
|
26b369 |
possible that sasl bind sends the result while the new IO layer is pushed.
|
|
|
26b369 |
IO layers is partially initialized at that time. It can create sigseg or
|
|
|
26b369 |
deadlock or...
|
|
|
26b369 |
|
|
|
26b369 |
Fix Description:
|
|
|
26b369 |
The fix is to protect the send result from IO layer push.
|
|
|
26b369 |
i.e. move send_ldap_result into c_mutex
|
|
|
26b369 |
|
|
|
26b369 |
https://pagure.io/389-ds-base/issue/50905
|
|
|
26b369 |
|
|
|
26b369 |
Reviewed by: Mark Reynolds (Thanks !!)
|
|
|
26b369 |
|
|
|
26b369 |
Platforms tested: F29
|
|
|
26b369 |
|
|
|
26b369 |
Flag Day: no
|
|
|
26b369 |
|
|
|
26b369 |
Doc impact: no
|
|
|
26b369 |
---
|
|
|
26b369 |
ldap/servers/slapd/saslbind.c | 10 +++++++---
|
|
|
26b369 |
1 file changed, 7 insertions(+), 3 deletions(-)
|
|
|
26b369 |
|
|
|
26b369 |
diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
|
|
|
26b369 |
index 0907c623f..ef29acf71 100644
|
|
|
26b369 |
--- a/ldap/servers/slapd/saslbind.c
|
|
|
26b369 |
+++ b/ldap/servers/slapd/saslbind.c
|
|
|
26b369 |
@@ -1118,12 +1118,16 @@ sasl_check_result:
|
|
|
26b369 |
/* Enable SASL I/O on the connection */
|
|
|
26b369 |
PR_EnterMonitor(pb_conn->c_mutex);
|
|
|
26b369 |
connection_set_io_layer_cb(pb_conn, sasl_io_enable, NULL, NULL);
|
|
|
26b369 |
+
|
|
|
26b369 |
+ /* send successful result before sasl_io_enable can be pushed by another incoming op */
|
|
|
26b369 |
+ send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL);
|
|
|
26b369 |
+
|
|
|
26b369 |
PR_ExitMonitor(pb_conn->c_mutex);
|
|
|
26b369 |
+ } else {
|
|
|
26b369 |
+ /* send successful result */
|
|
|
26b369 |
+ send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL);
|
|
|
26b369 |
}
|
|
|
26b369 |
|
|
|
26b369 |
- /* send successful result */
|
|
|
26b369 |
- send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL);
|
|
|
26b369 |
-
|
|
|
26b369 |
/* remove the sasl data from the pblock */
|
|
|
26b369 |
slapi_pblock_set(pb, SLAPI_BIND_RET_SASLCREDS, NULL);
|
|
|
26b369 |
|
|
|
26b369 |
--
|
|
|
26b369 |
2.25.4
|
|
|
26b369 |
|