Friday, September 18, 2015

[389-devel] Please review (additional fix): [389 Project] #48188: segfault in ns-slapd due to accessing Slapi_DN freed in pre bind plug-in

https://fedorahosted.org/389/ticket/48188

https://fedorahosted.org/389/attachment/ticket/48188/0001-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.2.patch
git patch file (master) -- Additional fixes based upon the comments by
Rich in comment 24

Description: Additional fixes based upon the comments by rmeggins@redhat.com (Thank you, Rich!!).
https://fedorahosted.org/389/ticket/48188?replyto=24#comment:24
1. Implemented the case 2)
If the plugin changes the SLAPI_BIND_TARGET_SDN *value*,
we need to select a different backend. It is possible
(but not very useful) for the plugin to change the pointer,
but use the same value.
2. Added an api slapi_be_select_exact which returns NULL if
no matching backend.

On 09/18/2015 11:48 AM, 389 Project wrote:
> #48188: segfault in ns-slapd due to accessing Slapi_DN freed in pre bind plug-in
> -------------------------------------------------+-------------------------
> Reporter: wetpaste | Owner: nhosoi
> Type: defect | Status: accepted
> Priority: major | Milestone: 1.3.4.5
> Component: Directory Server | Version: 1.3.3
> Resolution: | Keywords: segfault crash
> Blocked By: | Blocking:
> Review: review? | Ticket origin: Community
> Red Hat Bugzilla: [https://bugzilla.redhat.com/show_bug.cgi?id=1264224 1264224] |
> -------------------------------------------------+-------------------------
>
> Comment (by rmeggins):
>
> There are two issues
>
> 1) If the plugin changes the SLAPI_BIND_TARGET_SDN *pointer*, we need to
> use it instead of the current `sdn` and `dn`. For this, it is sufficient
> to do `pb_sdn != sdn`.
>
> 2) If the plugin changes the SLAPI_BIND_TARGET_SDN *value*, we need to
> select a different backend. It is possible (but not very useful) for the
> plugin to change the pointer, but use the same value.
>
> I'm also not sure if it is sufficient to call `be =
> slapi_be_select(sdn);`. The bind code sets the be like this:
> {{{
> /* We could be serving multiple database backends. Select the
> appropriate one */
> if (slapi_mapping_tree_select(pb, &be, &referral, errorbuf) !=
> LDAP_SUCCESS) {
> send_nobackend_ldap_result( pb );
> be = NULL;
> goto free_and_return;
> }
> }}}
> Do we need to have similar logic in order to change the backend? What if
> the plugin selects a non-existent backend that causes `be ==
> defbackend_get_backend()`?
>
> We also need to set the new backend in the pblock: `slapi_pblock_set( pb,
> SLAPI_BACKEND, be );`
>

--
389-devel mailing list
389-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
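
The two cases from the ticket comment quoted above, as an added toy model in C; this is not code from the patch or from 389 Directory Server. Every `toy_*` name, the suffix table and the DNs are constructed for illustration, and `toy_select_exact` only mirrors the described behaviour of returning NULL when no backend matches, not the real function's signature.

```c
#include <stdlib.h>
#include <string.h>
/* Toy stand-ins constructed for this example; not 389-ds types or APIs. */
typedef struct { const char *suffix, *name; } toy_backend;
typedef struct { char *bind_target; const toy_backend *be; } toy_pblock;
static const toy_backend toy_backends[] = {
    { "dc=example,dc=com", "userRoot" }, { "o=partners", "partnerRoot" },
};
static char *toy_dup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}
/* Backend whose suffix ends the (already normalized) DN, or NULL: no default fallback. */
static const toy_backend *toy_select_exact(const char *dn) {
    size_t dlen = strlen(dn);
    for (size_t i = 0; i < sizeof toy_backends / sizeof toy_backends[0]; i++) {
        size_t slen = strlen(toy_backends[i].suffix);
        if (dlen >= slen && strcmp(dn + dlen - slen, toy_backends[i].suffix) == 0
            && (dlen == slen || dn[dlen - slen - 1] == ','))
            return &toy_backends[i];
    }
    return NULL;
}

/* Stand-in for a pre-bind plug-in: frees the target DN and installs a new one. */
static void toy_prebind_rewrite(toy_pblock *pb, const char *new_dn) {
    free(pb->bind_target);
    pb->bind_target = toy_dup(new_dn);
}

/* Returns 0 with pb->be set, or -1 when no backend serves the final target DN. */
static int toy_bind(toy_pblock *pb, const char *rewrite_to) {
    char *before = pb->bind_target ? toy_dup(pb->bind_target) : NULL;
    if (!before) return -1;
    pb->be = toy_select_exact(before);
    if (rewrite_to) toy_prebind_rewrite(pb, rewrite_to);
    const char *dn = pb->bind_target; /* re-read: a pointer cached earlier may be freed */
    if (!dn) pb->be = NULL;
    else if (strcmp(before, dn) != 0) pb->be = toy_select_exact(dn); /* value changed */
    free(before);
    return pb->be ? 0 : -1;
}

int main(void) {
    toy_pblock pb = { toy_dup("uid=a,dc=example,dc=com"), NULL };
    int rc = toy_bind(&pb, "uid=a,o=nowhere"); /* plug-in picks an unserved DN */
    free(pb.bind_target);
    return rc == -1 ? 0 : 1;
}
```

The model keeps a value copy of the DN taken before the plug-in runs, so the comparison never touches the freed buffer even if the allocator hands the same address back.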
