This is an automated email from the git hooks/post-receive script.
tbordaz pushed a commit to branch 389-ds-base-1.4.2
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push:
new 03103f1 Ticket 50905 - intermittent SSL hang with rhds
03103f1 is described below
commit 03103f19f7daa0064aad70497f50660f2c60bcc5
Author: Thierry Bordaz <tbordaz@redhat.com>
AuthorDate: Fri Apr 3 15:23:10 2020 +0200
Ticket 50905 - intermittent SSL hang with rhds
Bug Description:
On a successfull sasl bind, a new IO layer (sasl_io_enable) is registered on top of
the connection. Then sasl bind sends the successful result. Registration is
done while sasl bind thread holds c_mutex but result is sent while the c_mutex
is released.
If a new operation comes in just after c_mutex was released it is
possible that sasl bind sends the result while the new IO layer is pushed.
IO layers is partially initialized at that time. It can create sigseg or
deadlock or...
Fix Description:
The fix is to protect the send result from IO layer push.
i.e. move send_ldap_result into c_mutex
https://pagure.io/389-ds-base/issue/50905
Reviewed by: Mark Reynolds (Thanks !!)
Platforms tested: F29
Flag Day: no
Doc impact: no
---
ldap/servers/slapd/saslbind.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
index 7cad0db..6a43d2e 100644
--- a/ldap/servers/slapd/saslbind.c
+++ b/ldap/servers/slapd/saslbind.c
@@ -1118,12 +1118,16 @@ sasl_check_result:
/* Enable SASL I/O on the connection */
pthread_mutex_lock(&(pb_conn->c_mutex));
connection_set_io_layer_cb(pb_conn, sasl_io_enable, NULL, NULL);
+
+ /* send successful result before sasl_io_enable can be pushed by another incoming op */
+ send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL);
+
pthread_mutex_unlock(&(pb_conn->c_mutex));
+ } else {
+ /* send successful result */
+ send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL);
}
- /* send successful result */
- send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL);
-
/* remove the sasl data from the pblock */
slapi_pblock_set(pb, SLAPI_BIND_RET_SASLCREDS, NULL);
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
389-commits mailing list -- 389-commits@lists.fedoraproject.org
To unsubscribe send an email to 389-commits-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-commits@lists.fedoraproject.org
No comments:
Post a Comment