From 14e08bde4a48a8e8b56edc817b5d1e3d56b96c72 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue, 15 Sep 2015 18:25:02 -0700
Subject: [PATCH 56/61] Ticket #48226 - In MMR, double free coould occur under
some special condition
Description: commit a0f8e0f981a046882db299a7a6d6d1c01bc19571 introduced
a memory leak in the case of resolve_attribute_state_present_to_deleted.
In the case, csnset is not consumed. Thus, it has to be freed by csnset_
free.
https://fedorahosted.org/389/ticket/48226
Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
(cherry picked from commit b26ec6762fe2b5d37ade59243086cfd2308e8f0a)
(cherry picked from commit 4a3efc3330a034fa485f33e453054758561d4cea)
---
ldap/servers/slapd/entrywsi.c | 22 +++++++++++-----------
ldap/servers/slapd/valueset.c | 1 +
2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index e719dce..a8f8455 100644
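--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -1280,23 +1280,23 @@ resolve_attribute_state_present_to_deleted(Slapi_Entry *e, Slapi_Attr *a, Slapi_
 const CSN *adcsn= attr_get_deletion_csn(a);
 int i;
 if ( valuestoupdate != NULL && valuestoupdate[0] != NULL ) {
- for (i=0;valuestoupdate[i]!=NULL;++i) {
- /* This call ensures that the value does not contain a deletion_csn
- * which is before the presence_csn or distinguished_csn of the value.
- */
- purge_attribute_state_multi_valued(a, valuestoupdate[i]);
- vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
- vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
- deletedcsn= csn_max(vdcsn, adcsn);
+ for (i=0;valuestoupdate[i]!=NULL;++i) {
+ /* This call ensures that the value does not contain a deletion_csn
+ * which is before the presence_csn or distinguished_csn of the value.
+ */
+ purge_attribute_state_multi_valued(a, valuestoupdate[i]);
+ vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
+ vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
+ deletedcsn= csn_max(vdcsn, adcsn);
 if(csn_compare(vucsn,deletedcsn)<0)
 {
- if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
+ if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
 {
 entry_present_value_to_deleted_value(a,valuestoupdate[i]);
 }
 }
- valuestoupdate[i]->v_csnset = NULL;
- }
+ csnset_free(&valuestoupdate[i]->v_csnset);
+ }
 }
 }
 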
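Review bot: The new `csnset_free(&valuestoupdate[i]->v_csnset);` at the end of the loop body runs for every value, including the ones just handed to `entry_present_value_to_deleted_value(a,valuestoupdate[i])`, and nothing in the hunk states who owns that csnset at that point. The free is only safe if that helper neither keeps `valuestoupdate[i]` nor borrows its csnset, which cannot be confirmed from the visible lines. Since the ticket is about a double free and the replaced line only cleared the pointer, the ownership rule deserves a comment above the call, for example `/* v_csnset is a private copy that nothing above consumes; free it here rather than dropping the pointer */`. The remaining +/- pairs appear to be whitespace-only, which buries the one functional line; a separate re-indent commit would make this backport easier to audit. The function begins before the hunk.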
diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
index 7eabb82..50c0e52 100644
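--- a/ldap/servers/slapd/valueset.c
+++ b/ldap/servers/slapd/valueset.c
@@ -1416,6 +1416,7 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
 {
 value_update_csn(v,t,csn);
 if (csnref_updated) {
+ csnset_free(&valuestoupdate[i]->v_csnset);
 valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v));
 }
 valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);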
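Review bot: In the `if (csnref_updated)` branch the old csnset is freed before `csnset_dup(value_get_csnset(v))` is evaluated, so if `v` can ever be the same object as `valuestoupdate[i]`, or share its csnset, the duplicate is taken from freed memory. How `v` is obtained lies outside the hunk, so this may be impossible in practice, but duplicating first removes the dependency on that assumption: `CSNSet *newset = csnset_dup(value_get_csnset(v));`, then `csnset_free(&valuestoupdate[i]->v_csnset);`, then `valuestoupdate[i]->v_csnset = newset;`. The enclosing loop and function begin and end outside the hunk.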
--
1.9.3