[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-directory-commits
Subject:    [389-commits] ldap/servers
From:       Noriko Hosoi <nhosoi () fedoraproject ! org>
Date:       2013-08-29 19:55:01
Message-ID: 20130829195501.E20FF6137D () fedorahosted ! org
[Download RAW message or body]

 ldap/servers/slapd/modify.c |    4 ----
 1 file changed, 4 deletions(-)

New commits:
commit 206130a4c2a8b96e45bd89d8612451653884b915
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Fri Aug 23 14:16:29 2013 -0600

    Bug 999634 - ns-slapd crash due to bogus DN
    
    https://bugzilla.redhat.com/show_bug.cgi?id=999634
    Reviewed by: ???
    Branch: master
    Fix Description: When the target DN is not a valid DN, the code will bypass
    the initialization of unhashed_pw_smod, and attempt to call slapi_smods_done.
    Depending on what memory is in the unhashed_pw_smod, if both mods and
    free_mods are true, an attempt will be made to free mods or *mods and the
    server will crash.  It is tricky to find the right sequence of operations
    that will write the stack in such a way that both unhashed_pw_smod.mods
    and unhashed_pw_smod.free_mods are set.
    The fix is to just get rid of unhashed_pw_smod which is not used.
    I also check this code and other operation code for similar cases, but the
    rest of the code is clean.
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: no
    (cherry picked from commit a3d65ac00df871675896f587b0da2c24eab961bb)
    (cherry picked from commit f513bc3f955a07c9d22128b312dbbb0384192e31)

diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 2677b92..957f36e 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -653,7 +653,6 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 	int passin_sdn = 0;
 	LDAPMod	**mods, *pw_mod, **tmpmods = NULL;
 	Slapi_Mods smods;
-	Slapi_Mods unhashed_pw_smod;	
 	int repl_op, internal_op, lastmod, skip_modified_attrs;
 	char *unhashed_pw_attr = NULL;
 	Slapi_Operation *operation;
@@ -692,8 +691,6 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 
 	slapi_mods_init_passin (&smods, mods);
 
-	slapi_mods_init(&unhashed_pw_smod, 0);
-
 	/* target spec is used to decide which plugins are applicable for the operation */
 	operation_set_target_spec (pb->pb_op, sdn);
 
@@ -1138,7 +1135,6 @@ free_and_return:
 	if (be)
 		slapi_be_Unlock(be);
 
-	slapi_mods_done(&unhashed_pw_smod); /* can finalize now */
 	if (unhashed_pw_attr)
 		slapi_ch_free ((void**)&unhashed_pw_attr);
 


--
389 commits mailing list
389-commits@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-commits
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic