From a6532aa364e350224dcace082484a7cc58d678dc Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 10 Aug 2015 12:19:00 -0400
Subject: [PATCH 41/45] Ticket 47686 - removing chaining database links trigger
valgrind read errors
Bug Description: Plugins that remove their dse callback from the dse callback
function lead to invalid reads in dse_call_callback().
Fix Description: In dse_call_callback(), save the pointers to the next callback,
and its plugin, before we call the callback function. So in
case the callback function removes itself, we are not accessing
the freed callback pointer later on.
https://fedorahosted.org/389/ticket/47686
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit a799c4670f2e6f6be1fc9a2828dc4a0f738d3021)
(cherry picked from commit 29c669e43e16611a290e1c82dfdcf5b51903319e)
---
ldap/servers/slapd/dse.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
index 61e2629..e8e393b 100644
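--- a/ldap/servers/slapd/dse.c
+++ b/ldap/servers/slapd/dse.c
@@ -2607,18 +2607,21 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags,
 
 if (pdse->dse_callback != NULL) {
 struct dse_callback *p = pdse->dse_callback;
+ struct dse_callback *next = NULL;
 int result = SLAPI_DSE_CALLBACK_OK;
 
 while (p != NULL) {
+ next = p->next;
 if ((p->operation & operation) && (p->flags & flags)) {
 if(slapi_sdn_scope_test(slapi_entry_get_sdn_const(entryBefore), p->base, p->scope)){
 if(NULL == p->slapifilter || slapi_vattr_filter_test(pb, entryBefore, p->slapifilter, 0) == 0){
+ struct slapdplugin *plugin = p->plugin;
 int plugin_started = 1;
 
- if(p->plugin){
+ if(plugin){
 /* this is a plugin callback, update the operation counter */
- slapi_plugin_op_started(p->plugin);
- if(!p->plugin->plg_started){
+ slapi_plugin_op_started(plugin);
+ if(!plugin->plg_started){
 /* must be a task function being called */
 result = SLAPI_DSE_CALLBACK_ERROR;
 PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE,
@@ -2633,11 +2636,11 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags,
 if(result < rc){
 rc = result;
 }
- slapi_plugin_op_finished(p->plugin);
+ slapi_plugin_op_finished(plugin);
 }
 }
 }
- p = p->next;
+ p = next;
 }
 }
 return rc;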
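Review bot: Caching `next = p->next` at the top of the loop only protects against a callback that frees its own node; if a callback (or a plugin teardown it triggers) unregisters the entry that follows it, `next` is already freed when `p = next` runs and the following `next = p->next` is the same kind of invalid read this patch targets. Whether removal can free other nodes during the call is not visible here, because dse_call_callback starts before the first hunk and continues between the two hunks, and no list lock appears in the shown lines. I would at least document the invariant above the loop, e.g. `/* callbacks may remove only their own entry; next and plugin are cached before the call */`, and consider marking entries as deleted and freeing them after the walk completes. The cached `plugin` pointer carries a similar assumption: `slapi_plugin_op_finished(plugin)` presumes the plugin struct outlives the callback, which is worth confirming against the plugin shutdown path.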
--
1.9.3