|
|
6f51e1 |
From 28529671057c95327a35c326ee99fcafccad9de9 Mon Sep 17 00:00:00 2001
|
|
|
6f51e1 |
From: Thierry Bordaz <tbordaz@redhat.com>
|
|
|
6f51e1 |
Date: Wed, 14 Jun 2017 18:36:55 +0200
|
|
|
6f51e1 |
Subject: [PATCH] Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV
|
|
|
6f51e1 |
if related pblock has not operation set
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Bug Description:
|
|
|
6f51e1 |
if slapi_search_internal_set_pb is called with an invalid (NULL) base, the pblock should not
|
|
|
6f51e1 |
be used to call send_ldap_result. If it is, the send_ldap_result trying to derefence the
|
|
|
6f51e1 |
operation pointer will crash
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Fix Description:
|
|
|
6f51e1 |
Check that the operation is set before derefencing it
|
|
|
6f51e1 |
|
|
|
6f51e1 |
https://pagure.io/389-ds-base/issue/49291
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Reviewed by: Mark Reynolds
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Platforms tested: F23
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Flag Day: no
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Doc impact: no
|
|
|
6f51e1 |
---
|
|
|
6f51e1 |
ldap/servers/slapd/result.c | 5 +++++
|
|
|
6f51e1 |
1 file changed, 5 insertions(+)
|
|
|
6f51e1 |
|
|
|
6f51e1 |
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
|
|
|
6f51e1 |
index 56257c3..f3016ca 100644
|
|
|
6f51e1 |
--- a/ldap/servers/slapd/result.c
|
|
|
6f51e1 |
+++ b/ldap/servers/slapd/result.c
|
|
|
6f51e1 |
@@ -350,6 +350,11 @@ send_ldap_result_ext(
|
|
|
6f51e1 |
slapi_pblock_get (pb, SLAPI_BIND_METHOD, &bind_method);
|
|
|
6f51e1 |
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
|
|
|
6f51e1 |
|
|
|
6f51e1 |
+ if (operation == NULL) {
|
|
|
6f51e1 |
+ slapi_log_err(SLAPI_LOG_ERR, "send_ldap_result_ext", "No operation found: slapi_search_internal_set_pb was incomplete (invalid 'base' ?)\n");
|
|
|
6f51e1 |
+ return;
|
|
|
6f51e1 |
+ }
|
|
|
6f51e1 |
+
|
|
|
6f51e1 |
if (operation->o_status == SLAPI_OP_STATUS_RESULT_SENT) {
|
|
|
6f51e1 |
return; /* result already sent */
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
--
|
|
|
6f51e1 |
2.9.5
|
|
|
6f51e1 |
|