|
 |
b045b9 |
From a7a0db402b32dcec7fc93bcbef42174163ae9c12 Mon Sep 17 00:00:00 2001
|
|
|
b045b9 |
From: Ludwig Krispenz <lkrispen@redhat.com>
|
|
|
b045b9 |
Date: Tue, 12 Dec 2017 12:46:37 +0100
|
|
|
b045b9 |
Subject: [PATCH] Ticket 49493 - heap use after free in csn_as_string
|
|
|
b045b9 |
|
|
|
b045b9 |
Bug: If write_changlog_and_ruv failed teh csn pending list was not properly
|
|
|
b045b9 |
cleand and references to the prim csn were kept, but the prim csn was reset
|
|
|
b045b9 |
|
|
|
b045b9 |
Fix: check the return code for the mmr postop plugin and aset error codes properly
|
|
|
b045b9 |
that will triger cancel_opcsn
|
|
|
b045b9 |
|
|
|
b045b9 |
Reviewed by: Thierry, thanks
|
|
|
b045b9 |
Tested by: Viktor, thanks
|
|
|
b045b9 |
---
|
|
|
b045b9 |
ldap/servers/slapd/back-ldbm/ldbm_add.c | 22 +---------------------
|
|
|
b045b9 |
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 4 ++++
|
|
|
b045b9 |
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 4 ++++
|
|
|
b045b9 |
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 4 ++++
|
|
|
b045b9 |
ldap/servers/slapd/back-ldbm/misc.c | 18 ++++++++++++++++++
|
|
|
b045b9 |
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 1 +
|
|
|
b045b9 |
6 files changed, 32 insertions(+), 21 deletions(-)
|
|
|
b045b9 |
|
|
|
b045b9 |
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
|
|
|
b045b9 |
index b7e17ad50..f29945a7e 100644
|
|
|
b045b9 |
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
|
|
|
b045b9 |
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
|
|
|
b045b9 |
@@ -22,7 +22,6 @@ extern char *hassubordinates;
|
|
|
b045b9 |
|
|
|
b045b9 |
static void delete_update_entrydn_operational_attributes(struct backentry *ep);
|
|
|
b045b9 |
|
|
|
b045b9 |
-static int set_error(Slapi_PBlock *pb, int retval, int ldap_result_code, char **ldap_result_message);
|
|
|
b045b9 |
#define ADD_SET_ERROR(rc, error, count) \
|
|
|
b045b9 |
{ \
|
|
|
b045b9 |
(rc) = (error); \
|
|
|
b045b9 |
@@ -1201,7 +1200,7 @@ ldbm_back_add(Slapi_PBlock *pb)
|
|
|
b045b9 |
|
|
|
b045b9 |
retval = plugin_call_mmr_plugin_postop(pb, NULL,SLAPI_PLUGIN_BE_TXN_POST_ADD_FN);
|
|
|
b045b9 |
if (retval) {
|
|
|
b045b9 |
- set_error(pb, retval, ldap_result_code, &ldap_result_message);
|
|
|
b045b9 |
+ ldbm_set_error(pb, retval, &ldap_result_code, &ldap_result_message);
|
|
|
b045b9 |
goto error_return;
|
|
|
b045b9 |
}
|
|
|
b045b9 |
|
|
|
b045b9 |
@@ -1471,22 +1470,3 @@ delete_update_entrydn_operational_attributes(struct backentry *ep)
|
|
|
b045b9 |
slapi_entry_attr_delete(ep->ep_entry, LDBM_ENTRYDN_STR);
|
|
|
b045b9 |
}
|
|
|
b045b9 |
|
|
|
b045b9 |
-static int
|
|
|
b045b9 |
-set_error(Slapi_PBlock *pb, int retval, int ldap_result_code, char **ldap_result_message)
|
|
|
b045b9 |
-{
|
|
|
b045b9 |
- int opreturn = 0;
|
|
|
b045b9 |
- if (!ldap_result_code) {
|
|
|
b045b9 |
- slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
|
|
|
b045b9 |
- }
|
|
|
b045b9 |
- if (!ldap_result_code) {
|
|
|
b045b9 |
- ldap_result_code = LDAP_OPERATIONS_ERROR;
|
|
|
b045b9 |
- slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ldap_result_code);
|
|
|
b045b9 |
- }
|
|
|
b045b9 |
- slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &opreturn);
|
|
|
b045b9 |
- if (!opreturn) {
|
|
|
b045b9 |
- slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, ldap_result_code ? &ldap_result_code : &retval);
|
|
|
b045b9 |
- }
|
|
|
b045b9 |
- slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
|
|
|
b045b9 |
-
|
|
|
b045b9 |
- return opreturn;
|
|
|
b045b9 |
-}
|
|
|
b045b9 |
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
|
|
|
b045b9 |
index db463c18c..be0db1bd0 100644
|
|
|
b045b9 |
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
|
|
|
b045b9 |
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
|
|
|
b045b9 |
@@ -1276,6 +1276,10 @@ replace_entry:
|
|
|
b045b9 |
}
|
|
|
b045b9 |
|
|
|
b045b9 |
retval = plugin_call_mmr_plugin_postop(pb, NULL,SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN);
|
|
|
b045b9 |
+ if (retval) {
|
|
|
b045b9 |
+ ldbm_set_error(pb, retval, &ldap_result_code, &ldap_result_message);
|
|
|
b045b9 |
+ goto error_return;
|
|
|
b045b9 |
+ }
|
|
|
b045b9 |
|
|
|
b045b9 |
commit_return:
|
|
|
b045b9 |
/* Release SERIAL LOCK */
|
|
|
b045b9 |
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
|
|
|
b045b9 |
index 7ee796fd2..cc4319e5f 100644
|
|
|
b045b9 |
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
|
|
|
b045b9 |
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
|
|
|
b045b9 |
@@ -867,6 +867,10 @@ ldbm_back_modify(Slapi_PBlock *pb)
|
|
|
b045b9 |
goto error_return;
|
|
|
b045b9 |
}
|
|
|
b045b9 |
retval = plugin_call_mmr_plugin_postop(pb, NULL,SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN);
|
|
|
b045b9 |
+ if (retval) {
|
|
|
b045b9 |
+ ldbm_set_error(pb, retval, &ldap_result_code, &ldap_result_message);
|
|
|
b045b9 |
+ goto error_return;
|
|
|
b045b9 |
+ }
|
|
|
b045b9 |
|
|
|
b045b9 |
/* Release SERIAL LOCK */
|
|
|
b045b9 |
retval = dblayer_txn_commit(be, &txn);
|
|
|
b045b9 |
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
|
|
|
b045b9 |
index 2c0cb074e..93fb77dc9 100644
|
|
|
b045b9 |
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
|
|
|
b045b9 |
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
|
|
|
b045b9 |
@@ -1211,6 +1211,10 @@ ldbm_back_modrdn(Slapi_PBlock *pb)
|
|
|
b045b9 |
goto error_return;
|
|
|
b045b9 |
}
|
|
|
b045b9 |
retval = plugin_call_mmr_plugin_postop(pb, NULL,SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN);
|
|
|
b045b9 |
+ if (retval) {
|
|
|
b045b9 |
+ ldbm_set_error(pb, retval, &ldap_result_code, &ldap_result_message);
|
|
|
b045b9 |
+ goto error_return;
|
|
|
b045b9 |
+ }
|
|
|
b045b9 |
|
|
|
b045b9 |
/* Release SERIAL LOCK */
|
|
|
b045b9 |
retval = dblayer_txn_commit(be, &txn);
|
|
|
b045b9 |
diff --git a/ldap/servers/slapd/back-ldbm/misc.c b/ldap/servers/slapd/back-ldbm/misc.c
|
|
|
b045b9 |
index df1afdfb1..c52e58a4a 100644
|
|
|
b045b9 |
--- a/ldap/servers/slapd/back-ldbm/misc.c
|
|
|
b045b9 |
+++ b/ldap/servers/slapd/back-ldbm/misc.c
|
|
|
b045b9 |
@@ -16,6 +16,24 @@
|
|
|
b045b9 |
|
|
|
b045b9 |
#include "back-ldbm.h"
|
|
|
b045b9 |
|
|
|
b045b9 |
+void
|
|
|
b045b9 |
+ldbm_set_error(Slapi_PBlock *pb, int retval, int *ldap_result_code, char **ldap_result_message)
|
|
|
b045b9 |
+{
|
|
|
b045b9 |
+ int opreturn = 0;
|
|
|
b045b9 |
+ if (!(*ldap_result_code)) {
|
|
|
b045b9 |
+ slapi_pblock_get(pb, SLAPI_RESULT_CODE, ldap_result_code);
|
|
|
b045b9 |
+ }
|
|
|
b045b9 |
+ if (!(*ldap_result_code)) {
|
|
|
b045b9 |
+ *ldap_result_code = LDAP_OPERATIONS_ERROR;
|
|
|
b045b9 |
+ slapi_pblock_set(pb, SLAPI_RESULT_CODE, ldap_result_code);
|
|
|
b045b9 |
+ }
|
|
|
b045b9 |
+ slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &opreturn);
|
|
|
b045b9 |
+ if (!opreturn) {
|
|
|
b045b9 |
+ slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, *ldap_result_code ? ldap_result_code : &retval);
|
|
|
b045b9 |
+ }
|
|
|
b045b9 |
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, ldap_result_message);
|
|
|
b045b9 |
+}
|
|
|
b045b9 |
+
|
|
|
b045b9 |
/* Takes a return code supposed to be errno or from lidb
|
|
|
b045b9 |
which we don't expect to see and prints a handy log message */
|
|
|
b045b9 |
void
|
|
|
b045b9 |
diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
|
|
|
b045b9 |
index 0cee3df62..da3eef18b 100644
|
|
|
b045b9 |
--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
|
|
|
b045b9 |
+++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
|
|
|
b045b9 |
@@ -379,6 +379,7 @@ int ldbm_txn_ruv_modify_context(Slapi_PBlock *pb, modify_context *mc);
|
|
|
b045b9 |
int get_value_from_string(const char *string, char *type, char **value);
|
|
|
b045b9 |
int get_values_from_string(const char *string, char *type, char ***valuearray);
|
|
|
b045b9 |
void normalize_dir(char *dir);
|
|
|
b045b9 |
+void ldbm_set_error(Slapi_PBlock *pb, int retval, int *ldap_result_code, char **ldap_result_message);
|
|
|
b045b9 |
|
|
|
b045b9 |
/*
|
|
|
b045b9 |
* nextid.c
|
|
|
b045b9 |
--
|
|
|
b045b9 |
2.13.6
|
|
|
b045b9 |
|