rpms/389-ds-base
1
0
Fork 0
mirror of https://git.centos.org/rpms/389-ds-base.git synced 2025-02-24 00:32:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
389-ds-base/SOURCES/0016-Issue-4521-DS-crash-in-deref-plugin-if-dereferenced-.patch
CentOS Sources ed98564350 import 389-ds-base-1.3.10.2-10.el7_9
2021-03-16 06:29:57 -04:00

55 lines
2.6 KiB
Diff
Raw Blame History

From ffeb863e47ab35cbb2e5666847561451d0394ed9 Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Mon, 11 Jan 2021 17:33:06 +0100
Subject: [PATCH] Issue 4521 - DS crash in deref plugin if dereferenced entry
exists but is not returned by internal search (#4525)
Bug description:
For each returned entry, deref plugin dereferences some attribute values that refer to entries.
To do this it does an internal search (scope base) with each attribute values.
Deref plugin assumes that if internal search succeeds, a single entry is returned.
It exists cases (not identified) where internal search succeeds but returns no entry.
In such case (search succeeds but no entry returned) the server crash.
Note: wonder if DB deadlock could lead to such situation.
Fix description:
Make a hardening fix that logs warning in such case
relates: https://github.com/389ds/389-ds-base/issues/4521
Reviewed by: Mark Reynolds (thanks)
Platforms tested: F31
---
ldap/servers/plugins/deref/deref.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
index ec1884ba3..fc1c10f71 100644
--- a/ldap/servers/plugins/deref/deref.c
+++ b/ldap/servers/plugins/deref/deref.c
@@ -592,6 +592,21 @@ deref_do_deref_attr(Slapi_PBlock *pb, BerElement *ctrlber, const char *derefdn,
slapi_log_err(SLAPI_LOG_PLUGIN, DEREF_PLUGIN_SUBSYSTEM,
"deref_do_deref_attr - More than one entry matching DN [%s]\n",
derefdn);
+ } else if (entries[0] == NULL) {
+ int32_t op_id;
+ uint64_t conn_id;
+
+ slapi_pblock_get(pb, SLAPI_OPERATION_ID, &op_id);
+ slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id);
+ /* Weird case not clearly understood:
+ * the entry 'derefdn' exists (else we would have NOT_SUCH_ENTRY in 'rc')
+ * but it is not returned by the internal search. Note that internal search
+ * returns tombstone or subentry.
+ * Just to prevent a crash, catch this error condition and log a warning
+ */
+ slapi_log_err(SLAPI_LOG_WARNING, DEREF_PLUGIN_SUBSYSTEM,
+ "deref_do_deref_attr - conn=%" PRIu64 " op=%d - failed to retrieve the entry [%s], although the entry exists\n",
+ conn_id, op_id, derefdn);
} else {
int ii;
int needattrvals = 1; /* need attrvals sequence? */
--
2.26.2
Reference in a new issue View git blame Copy permalink