Blame SOURCES/0062-Ticket-49370-Crash-when-using-a-global-and-local-pw.patch

081b2d
From 3bdd7b5cccd2993c5ae5b9d893be15c71373aaf8 Mon Sep 17 00:00:00 2001
081b2d
From: Mark Reynolds <mreynolds@redhat.com>
081b2d
Date: Mon, 29 Jan 2018 11:53:33 -0500
081b2d
Subject: [PATCH] Ticket 49370 - Crash when using a global and local pw 
081b2d
 policies
081b2d
081b2d
Description:  This is a regression from the previous patch.  We were
081b2d
              accidentally using a reference to the global pw policy
081b2d
              password storage scheme, which was getting freed after
081b2d
              pblock was done from an operation.  The next operation
081b2d
              then used (and double freed) this memory on the next
081b2d
              operation.
081b2d
081b2d
https://pagure.io/389-ds-base/issue/49370
081b2d
081b2d
Reviewed by: tbordaz (Thanks!)
081b2d
081b2d
(cherry picked from commit d86e0f9634e694feb378ee335d29b2e89fd27e2c)
081b2d
---
081b2d
 ldap/servers/slapd/pw.c | 32 +++++++++++++++++---------------
081b2d
 1 file changed, 17 insertions(+), 15 deletions(-)
081b2d
081b2d
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
081b2d
index 3a545e12e..451be364d 100644
081b2d
--- a/ldap/servers/slapd/pw.c
081b2d
+++ b/ldap/servers/slapd/pw.c
081b2d
@@ -209,7 +209,7 @@ pw_name2scheme(char *name)
081b2d
     struct pw_scheme *pwsp;
081b2d
     struct slapdplugin *p;
081b2d
 
081b2d
-    if ((p = plugin_get_pwd_storage_scheme(name, strlen(name), PLUGIN_LIST_PWD_STORAGE_SCHEME)) != NULL) {
081b2d
+    if (name != NULL && (p = plugin_get_pwd_storage_scheme(name, strlen(name), PLUGIN_LIST_PWD_STORAGE_SCHEME)) != NULL) {
081b2d
         pwsp = (struct pw_scheme *)slapi_ch_malloc(sizeof(struct pw_scheme));
081b2d
         if (pwsp != NULL) {
081b2d
             typedef int (*CMPFP)(char *, char *);
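Review bot: The new `name != NULL` guard changes the contract of pw_name2scheme without stating it: a NULL name now skips the lookup and takes the same not-found path as an unregistered scheme, so callers cannot tell the two apart. Because this patch fixes a double free that came from unclear ownership, a header comment on the function is worth adding, for example `/* Returns a newly allocated pw_scheme that the caller releases with free_pw_scheme(); a NULL or unknown name yields no scheme. */`. The else branch and the return statement are outside the hunk, so the exact not-found value should be confirmed before wording the comment.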
081b2d
@@ -1612,18 +1612,18 @@ pw_get_admin_users(passwdPolicy *pwp)
081b2d
 passwdPolicy *
081b2d
 new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
081b2d
 {
081b2d
+    slapdFrontendConfig_t *slapdFrontendConfig = NULL;
081b2d
     Slapi_ValueSet *values = NULL;
081b2d
+    Slapi_Value **sval = NULL;
081b2d
     Slapi_Entry *e = NULL, *pw_entry = NULL;
081b2d
-    int type_name_disposition = 0;
081b2d
+    passwdPolicy *pwdpolicy = NULL;
081b2d
+    Slapi_Attr *attr = NULL;
081b2d
+    char *pwscheme_name = NULL;
081b2d
+    char *attr_name = NULL;
081b2d
     char *actual_type_name = NULL;
081b2d
+    int type_name_disposition = 0;
081b2d
     int attr_free_flags = 0;
081b2d
     int rc = 0;
081b2d
-    passwdPolicy *pwdpolicy = NULL;
081b2d
-    struct pw_scheme *pwdscheme = NULL;
081b2d
-    Slapi_Attr *attr;
081b2d
-    char *attr_name;
081b2d
-    Slapi_Value **sval;
081b2d
-    slapdFrontendConfig_t *slapdFrontendConfig;
081b2d
     int optype = -1;
081b2d
 
081b2d
     /* If we already allocated a pw policy, return it */
081b2d
@@ -1717,9 +1717,7 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
081b2d
                     pw_entry = get_entry(pb, bvp->bv_val);
081b2d
                 }
081b2d
             }
081b2d
-
081b2d
             slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags);
081b2d
-
081b2d
             slapi_entry_free(e);
081b2d
 
081b2d
             if (pw_entry == NULL) {
081b2d
@@ -1732,7 +1730,11 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
081b2d
 
081b2d
             /* Set the default values (from libglobs.c) */
081b2d
             pwpolicy_init_defaults(pwdpolicy);
081b2d
-            pwdpolicy->pw_storagescheme = slapdFrontendConfig->pw_storagescheme;
081b2d
+
081b2d
+            /* Set the current storage scheme */
081b2d
+            pwscheme_name = config_get_pw_storagescheme();
081b2d
+            pwdpolicy->pw_storagescheme = pw_name2scheme(pwscheme_name);
081b2d
+            slapi_ch_free_string(&pwscheme_name);
081b2d
 
081b2d
             /* Set the defined values now */
081b2d
             for (slapi_entry_first_attr(pw_entry, &attr); attr;
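Review bot: The result of `pw_name2scheme(pwscheme_name)` is stored in `pwdpolicy->pw_storagescheme` without a check, and with the guard added in the first hunk a NULL from `config_get_pw_storagescheme()` now yields no scheme (presumably NULL) instead of failing in strlen(). Any later code that dereferences `pw_storagescheme`, none of which is visible here, would then turn a failed config lookup into a NULL dereference during password handling. Consider `if (pwdpolicy->pw_storagescheme == NULL) { /* log and fail the policy build, or fall back */ }` directly after the assignment; the same applies to the identical three lines in the `done:` hunk. The policy now owns this allocation, so every exit path of new_passwdPolicy after this point, most of which lie outside the hunk, has to release it with free_pw_scheme().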
081b2d
@@ -1865,6 +1867,7 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
081b2d
                     }
081b2d
                 } else if (!strcasecmp(attr_name, "passwordstoragescheme")) {
081b2d
                     if ((sval = attr_get_present_values(attr))) {
081b2d
+                        free_pw_scheme(pwdpolicy->pw_storagescheme);
081b2d
                         pwdpolicy->pw_storagescheme =
081b2d
                             pw_name2scheme((char *)slapi_value_get_string(*sval));
081b2d
                     }
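Review bot: `free_pw_scheme(pwdpolicy->pw_storagescheme)` runs before the replacement lookup, so a `passwordstoragescheme` value naming an unknown scheme discards the working default and, assuming pw_name2scheme returns NULL on a failed lookup, leaves the local policy with no scheme at all. Resolving the new scheme first and swapping only on success keeps the default in that case, and the bad value should be logged so the misconfigured policy entry is noticed. The added call also relies on free_pw_scheme() tolerating NULL if the earlier default lookup failed; its body is not visible here. The enclosing attribute loop starts and ends outside the hunk.
```c
                    if ((sval = attr_get_present_values(attr))) {
                        struct pw_scheme *local_scheme =
                            pw_name2scheme((char *)slapi_value_get_string(*sval));
                        if (local_scheme != NULL) {
                            /* replace the default only once the local scheme resolved */
                            free_pw_scheme(pwdpolicy->pw_storagescheme);
                            pwdpolicy->pw_storagescheme = local_scheme;
                        }
                    }
```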
081b2d
@@ -1924,10 +1927,9 @@ done:
081b2d
      * structure from slapdFrontendconfig
081b2d
      */
081b2d
     *pwdpolicy = slapdFrontendConfig->pw_policy;
081b2d
-    pwdscheme = (struct pw_scheme *)slapi_ch_calloc(1, sizeof(struct pw_scheme));
081b2d
-    *pwdscheme = *slapdFrontendConfig->pw_storagescheme;
081b2d
-    pwdscheme->pws_name = strdup(slapdFrontendConfig->pw_storagescheme->pws_name);
081b2d
-    pwdpolicy->pw_storagescheme = pwdscheme;
081b2d
+    pwscheme_name = config_get_pw_storagescheme();
081b2d
+    pwdpolicy->pw_storagescheme = pw_name2scheme(pwscheme_name);
081b2d
+    slapi_ch_free_string(&pwscheme_name);
081b2d
     pwdpolicy->pw_admin = slapi_sdn_dup(slapdFrontendConfig->pw_policy.pw_admin);
081b2d
     pw_get_admin_users(pwdpolicy);
081b2d
     if (pb) {
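Review bot: `*pwdpolicy = slapdFrontendConfig->pw_policy;` is a shallow struct copy, and the lines after it re-own only `pw_storagescheme` and `pw_admin`. Any other pointer member of passwdPolicy would stay shared with the global config and would hit the same use-after-free and double-free pattern this patch fixes once the per-operation policy is freed. The struct definition is not visible here, so this needs checking against it; pw_get_admin_users() may already cover the admin user list. A comment above the copy such as `/* shallow copy: every pointer member must be duplicated below before this policy can be freed independently */` would make the ownership rule explicit for the next change.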
081b2d
-- 
081b2d
2.13.6
081b2d