ldap/admin
by Richard Allen Megginson
ldap/admin/src/scripts/DSUpdate.pm.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 88450a966bbae99d6a7798d089ec3627e9bd3e5a
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Nov 4 15:47:36 2011 -0600
Bug 751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD'
https://bugzilla.redhat.com/show_bug.cgi?id=751495
Resolves: bug 751495
Bug Description: 'setup-ds.pl -u' fails with undefined routine 'updateSystemD'
Reviewed by: nkinder (Thanks!)
Branch: master
Fix Description: needed to import that function from DSCreate
Platforms tested: RHEL6 x86_64, Fedora 15
Flag Day: no
Doc impact: no
diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in
index db93c49..f1ab1b1 100644
--- a/ldap/admin/src/scripts/DSUpdate.pm.in
+++ b/ldap/admin/src/scripts/DSUpdate.pm.in
@@ -48,7 +48,7 @@ use DSUtil;
use Inf;
use FileConn;
use DSCreate qw(setDefaults createInstanceScripts makeOtherConfigFiles
- makeDSDirs updateSelinuxPolicy updateTmpfilesDotD);
+ makeDSDirs updateSelinuxPolicy updateTmpfilesDotD updateSystemD);
use File::Basename qw(basename dirname);
12 years, 1 month
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/opshared.c | 1 -
1 file changed, 1 deletion(-)
New commits:
commit 9b2d8f76e8d67c108cde54db46184901e76d6090
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Fri Nov 4 09:54:17 2011 -0700
Bug 750625 - Fix Coverity (11066-3) Unused pointer value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/opshared.c (op_shared_search)
Bug Description: A pointer "normbase" returned by "slapi_sdn_get_
dn(sdn)" is never used.
Fix description: removing the line that normbase is set.
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index f475b9d..ff17cd9 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -533,7 +533,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
basesdn = slapi_sdn_dup(sdn);
operation_set_target_spec (pb->pb_op, basesdn);
}
- normbase = slapi_sdn_get_dn(sdn);
break;
case -1:
12 years, 1 month
5 commits - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/automember/automember.c | 5 ++
ldap/servers/plugins/chainingdb/cb_bind.c | 64 ++++++++++++++-------------
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 38 ++++++++--------
ldap/servers/slapd/dn.c | 4 +
ldap/servers/slapd/opshared.c | 1
5 files changed, 62 insertions(+), 50 deletions(-)
New commits:
commit 9a7c2da4a9117d0f03dbcfe2895961c80b99f4f6
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Thu Nov 3 11:32:52 2011 -0700
Bug 750625 - Fix Coverity (12196) Dereference before null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/back-ldbm/ldbm_entryrdn.c (entryrdn_lookup_dn)
Bug Description: Dreferencing "db" before a null check.
Fix Description: Adding a check if the variable "db" returned
from _entryrdn_open_index is NULL or not. If NULL, it returns
or goto bail there.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 1573f1f..2b9115a 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -205,7 +205,7 @@ entryrdn_index_entry(backend *be,
int flags, /* BE_INDEX_ADD or BE_INDEX_DEL */
back_txn *txn)
{
- int rc = 0;
+ int rc = -1;
struct attrinfo *ai = NULL;
DB *db = NULL;
DBC *cursor = NULL;
@@ -219,12 +219,11 @@ entryrdn_index_entry(backend *be,
slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG,
"entryrdn_index_entry: Param error: Empty %s\n",
NULL==be?"backend":NULL==e?"entry":"unknown");
- rc = -1;
- goto bail;
+ return rc;
}
/* Open the entryrdn index */
rc = _entryrdn_open_index(be, &ai, &db);
- if (rc) {
+ if (rc || (NULL == db)) {
slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG,
"entryrdn_index_entry: Opening the index failed: "
"%s(%d)\n",
@@ -347,11 +346,12 @@ entryrdn_index_read(backend *be,
/* Open the entryrdn index */
rc = _entryrdn_open_index(be, &ai, &db);
- if (rc) {
+ if (rc || (NULL == db)) {
slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG,
"entryrdn_index_read: Opening the index failed: "
"%s(%d)\n",
rc<0?dblayer_strerror(rc):"Invalid parameter", rc);
+ db = NULL;
goto bail;
}
@@ -508,11 +508,12 @@ entryrdn_rename_subtree(backend *be,
/* Open the entryrdn index */
rc = _entryrdn_open_index(be, &ai, &db);
- if (rc) {
+ if (rc || (NULL == db)) {
slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG,
"entryrdn_rename_subtree: Opening the index failed: "
"%s(%d)\n",
rc<0?dblayer_strerror(rc):"Invalid parameter", rc);
+ db = NULL;
return rc;
}
@@ -915,11 +916,12 @@ entryrdn_get_subordinates(backend *be,
/* Open the entryrdn index */
rc = _entryrdn_open_index(be, &ai, &db);
- if (rc) {
+ if (rc || (NULL == db)) {
slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG,
"entryrdn_get_subordinates: Opening the index failed: "
"%s(%d)\n",
rc<0?dblayer_strerror(rc):"Invalid parameter", rc);
+ db = NULL;
goto bail;
}
@@ -1003,7 +1005,7 @@ entryrdn_lookup_dn(backend *be,
char **dn,
back_txn *txn)
{
- int rc = 0;
+ int rc = -1;
struct attrinfo *ai = NULL;
DB *db = NULL;
DBC *cursor = NULL;
@@ -1032,7 +1034,7 @@ entryrdn_lookup_dn(backend *be,
*dn = NULL;
/* Open the entryrdn index */
rc = _entryrdn_open_index(be, &ai, &db);
- if (rc) {
+ if (rc || (NULL == db)) {
slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG,
"entryrdn_lookup_dn: Opening the index failed: "
"%s(%d)\n",
@@ -1146,9 +1148,8 @@ bail:
dblayer_strerror(myrc), myrc);
}
}
- if (db) {
- dblayer_release_index_file(be, ai, db);
- }
+ /* it is guaranteed that db is not NULL. */
+ dblayer_release_index_file(be, ai, db);
slapi_rdn_free(&srdn);
slapi_ch_free_string(&nrdn);
slapi_ch_free_string(&keybuf);
@@ -1173,7 +1174,7 @@ entryrdn_get_parent(backend *be,
ID *pid,
back_txn *txn)
{
- int rc = 0;
+ int rc = -1;
struct attrinfo *ai = NULL;
DB *db = NULL;
DBC *cursor = NULL;
@@ -1197,14 +1198,14 @@ entryrdn_get_parent(backend *be,
NULL==be?"backend":NULL==rdn?"rdn":0==id?"id":
NULL==rdn?"rdn container":
NULL==pid?"pid":"unknown");
- goto bail;
+ return rc;
}
*prdn = NULL;
*pid = 0;
/* Open the entryrdn index */
rc = _entryrdn_open_index(be, &ai, &db);
- if (rc) {
+ if (rc || (NULL == db)) {
slapi_log_error(SLAPI_LOG_FATAL, ENTRYRDN_TAG,
"entryrdn_get_parent: Opening the index failed: "
"%s(%d)\n",
@@ -1294,9 +1295,8 @@ bail:
dblayer_strerror(rc), rc);
}
}
- if (db) {
- dblayer_release_index_file(be, ai, db);
- }
+ /* it is guaranteed that db is not NULL. */
+ dblayer_release_index_file(be, ai, db);
slapi_log_error(SLAPI_LOG_TRACE, ENTRYRDN_TAG,
"<-- entryrdn_get_parent\n");
return rc;
@@ -1414,6 +1414,8 @@ _entryrdn_open_index(backend *be, struct attrinfo **ai, DB **dbp)
NULL==dbp?"db container":"unknown");
goto bail;
}
+ *ai = NULL;
+ *dbp = NULL;
/* Open the entryrdn index */
ainfo_get(be, LDBM_ENTRYRDN_STR, ai);
if (NULL == *ai) {
commit 68abfd6d81e6f3dcf40409c528abe6791e8b82d9
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Thu Nov 3 11:45:58 2011 -0700
Bug 750625 - Fix Coverity (12195) Dereference after null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/dn.c (slapi_dn_normalize_ext)
Bug Description: Dereferencing null variable "dest_len".
Missed to check the NULL possibility of the argument "dest_len"
to return the normalized dn size.
Fix Description: Assinging 0 to "*dest_len" only when "dest_len"
is not NULL.
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 2b0b338..ec92790 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -1080,7 +1080,9 @@ bail:
*dest = NULL;
}
}
- *dest_len = 0;
+ if (dest_len != NULL) {
+ *dest_len = 0;
+ }
} else if (d && rc > 0) {
/* We terminate the str with NULL only when we allocate the str */
*d = '\0';
commit dcb6ad7d9ca65a4e60ffd24d00287ca144ca6310
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Thu Nov 3 10:01:32 2011 -0700
Bug 750625 - Fix Coverity (11066-2) Unused pointer value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/opshared.c (op_shared_search)
Bug Description: A pointer "normbase" returned by "slapi_sdn_get_
dn(sdn)" is never used.
Fix description: removing the line that normbase is set.
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index bf6b016..f475b9d 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -679,7 +679,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
slapi_sdn_free(&sdn);
sdn = slapi_sdn_dup(be_suffix);
slapi_pblock_set(pb, SLAPI_SEARCH_TARGET_SDN, (void *)sdn);
- normbase = slapi_sdn_get_dn(sdn);
}
else if (slapi_sdn_issuffix(basesdn, be_suffix))
{
commit 92a3f9920211ec66bbe531cf3ba1d3e77abca34b
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Thu Nov 3 10:08:26 2011 -0700
Bug 750625 - Fix Coverity (11062) Resource leak
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/chainingdb/cb_bind.c (chainingdb_bind)
Bug Description: Variable "sdn" going out of scope leaks
the storage it points to. If SLAPI_BIND_TARGET_SDN is not
given (anonymous bind) to cb_bind, sizeof(Slapi_DN) leaks.
Fix Description: Free sdn if the structure Slapi_DN is locally
allocated.
diff --git a/ldap/servers/plugins/chainingdb/cb_bind.c b/ldap/servers/plugins/chainingdb/cb_bind.c
index edc45f3..18e526a 100644
--- a/ldap/servers/plugins/chainingdb/cb_bind.c
+++ b/ldap/servers/plugins/chainingdb/cb_bind.c
@@ -238,6 +238,7 @@ chainingdb_bind( Slapi_PBlock *pb )
Slapi_Backend *be;
const char *dn = NULL;
Slapi_DN *sdn = NULL;
+ Slapi_DN *mysdn = NULL;
int method;
struct berval *creds, **urls;
char *matcheddn,*errmsg;
@@ -246,20 +247,20 @@ chainingdb_bind( Slapi_PBlock *pb )
int freectrls=1;
int bind_retry;
- if ( LDAP_SUCCESS != (rc = cb_forward_operation(pb) )) {
- cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
- return SLAPI_BIND_FAIL;
- }
+ if ( LDAP_SUCCESS != (rc = cb_forward_operation(pb) )) {
+ cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL );
+ return SLAPI_BIND_FAIL;
+ }
ctrls=NULL;
/* don't add proxy auth control. use this call to check for supported */
/* controls only. */
- if ( LDAP_SUCCESS != ( rc = cb_update_controls( pb, NULL, &ctrls, 0 )) ) {
- cb_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
+ if ( LDAP_SUCCESS != ( rc = cb_update_controls( pb, NULL, &ctrls, 0 )) ) {
+ cb_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
if (ctrls)
ldap_controls_free(ctrls);
- return SLAPI_BIND_FAIL;
- }
+ return SLAPI_BIND_FAIL;
+ }
if (ctrls)
ldap_controls_free(ctrls);
@@ -272,30 +273,32 @@ chainingdb_bind( Slapi_PBlock *pb )
cb = cb_get_instance(be);
if ( NULL == sdn ) {
- sdn = slapi_sdn_new_ndn_byval("");
+ sdn = mysdn = slapi_sdn_new_ndn_byval("");
}
dn = slapi_sdn_get_ndn(sdn);
- /* always allow noauth simple binds */
- if (( method == LDAP_AUTH_SIMPLE) && creds->bv_len == 0 ) {
- return( SLAPI_BIND_ANONYMOUS );
- }
+ /* always allow noauth simple binds */
+ if (( method == LDAP_AUTH_SIMPLE) && creds->bv_len == 0 ) {
+ slapi_sdn_free(&mysdn);
+ return( SLAPI_BIND_ANONYMOUS );
+ }
- cb_update_monitor_info(pb,cb,SLAPI_OPERATION_BIND);
+ cb_update_monitor_info(pb,cb,SLAPI_OPERATION_BIND);
matcheddn=errmsg=NULL;
- allocated_errmsg = 0;
+ allocated_errmsg = 0;
resctrls=NULL;
urls=NULL;
/* Check wether the chaining BE is available or not */
- if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
- return -1;
- }
+ if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){
+ slapi_sdn_free(&mysdn);
+ return -1;
+ }
- slapi_rwlock_rdlock(cb->rwl_config_lock);
+ slapi_rwlock_rdlock(cb->rwl_config_lock);
bind_retry=cb->bind_retry;
- slapi_rwlock_unlock(cb->rwl_config_lock);
+ slapi_rwlock_unlock(cb->rwl_config_lock);
rc = cb_sasl_bind_s(pb, cb->bind_pool, bind_retry, dn, method,
mechanism, creds, reqctrls, &matcheddn, &errmsg,
@@ -322,17 +325,18 @@ chainingdb_bind( Slapi_PBlock *pb )
}
}
- if ( urls != NULL ) {
- cb_free_bervals( urls );
- }
- if ( freectrls && ( resctrls != NULL )) {
- ldap_controls_free( resctrls );
- }
- slapi_ch_free((void **)& matcheddn );
- if ( allocated_errmsg && errmsg != NULL ) {
- slapi_ch_free((void **)& errmsg );
- }
+ if ( urls != NULL ) {
+ cb_free_bervals( urls );
+ }
+ if ( freectrls && ( resctrls != NULL )) {
+ ldap_controls_free( resctrls );
+ }
+ slapi_ch_free((void **)& matcheddn );
+ if ( allocated_errmsg && errmsg != NULL ) {
+ slapi_ch_free((void **)& errmsg );
+ }
+ slapi_sdn_free(&mysdn);
return ((rc == LDAP_SUCCESS ) ? SLAPI_BIND_SUCCESS : SLAPI_BIND_FAIL );
}
commit 777673ecf7bf4c6f0d41e18c550dc4d86f7e897b
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Thu Nov 3 09:50:55 2011 -0700
Bug 750625 - Fix Coverity (11055-2) Explicit null dereferenced
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/automember/automember.c (automember_pre_op)
Bug Description: Passing null variable "e" to function
"automember_parse_config_entry", which dereferences it.
Missing a check of the NULL possibility of target entry "e" when
modop is not a supported op type.
Fix Description: If modop is not a supported type, it bails there.
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
index 010b5ac..1195a15 100644
--- a/ldap/servers/plugins/automember/automember.c
+++ b/ldap/servers/plugins/automember/automember.c
@@ -1623,6 +1623,11 @@ automember_pre_op(Slapi_PBlock * pb, int modop)
* to let the main server handle it. */
goto bailmod;
}
+ } else {
+ errstr = slapi_ch_smprintf("automember_pre_op: invalid op type %d",
+ modop);
+ ret = LDAP_PARAM_ERROR;
+ goto bail;
}
if (automember_parse_config_entry(e, 0) != 0) {
12 years, 1 month
21 commits - ldap/servers lib/libaccess
by Noriko Hosoi
ldap/servers/plugins/acl/acl.c | 18 +++---
ldap/servers/plugins/acl/aclutil.c | 7 ++
ldap/servers/plugins/automember/automember.c | 5 +
ldap/servers/plugins/pam_passthru/pam_ptimpl.c | 1
ldap/servers/plugins/referint/referint.c | 30 +++++++++-
ldap/servers/plugins/replication/cl5_config.c | 34 ++++++-----
ldap/servers/plugins/replication/repl5_replica_config.c | 2
ldap/servers/slapd/auditlog.c | 46 ++++++++--------
ldap/servers/slapd/back-ldbm/ancestorid.c | 7 +-
ldap/servers/slapd/back-ldbm/import-threads.c | 13 +++-
ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c | 4 -
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 10 ++-
ldap/servers/slapd/dse.c | 5 +
ldap/servers/slapd/mapping_tree.c | 4 +
ldap/servers/slapd/opshared.c | 1
ldap/servers/slapd/pw.c | 27 +++++----
ldap/servers/slapd/pw_retry.c | 8 ++
ldap/servers/slapd/tools/ldclt/ldapfct.c | 35 ++++++------
lib/libaccess/aclutil.cpp | 13 ++--
lib/libaccess/lasdns.cpp | 8 ++
lib/libaccess/lasgroup.cpp | 10 ++-
lib/libaccess/oneeval.cpp | 2
22 files changed, 186 insertions(+), 104 deletions(-)
New commits:
commit 950712cfcc382fd5966a466d9d312942240aa4f7
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Wed Nov 2 09:48:01 2011 -0700
Bug 750625 - Fix Coverity (11091) Unchecked return value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/back-ldbm/import-threads.c (index_producer)
Bug Description: No check of the return value of "db_create".
Fix Description: Adding a checking code for the return value
from db_create.
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
index e95d32f..eb2cc82 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -1148,9 +1148,8 @@ index_producer(void *param)
tmp_db->close(tmp_db, 0);
rc = db_create(&db, env, 0);
if (rc) {
- LDAPDebug2Args(LDAP_DEBUG_ANY,
- "Creating db handle to rename %s to %s failed.\n",
- tmpid2entry, id2entry);
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+ "Creating db handle to remove %s failed.\n", id2entry);
goto bail;
}
rc = db->remove(db, id2entry, NULL, 0);
@@ -1158,7 +1157,13 @@ index_producer(void *param)
LDAPDebug1Arg(LDAP_DEBUG_ANY, "Removing %s failed.\n", id2entry);
goto bail;
}
- db_create(&db, env, 0);
+ rc = db_create(&db, env, 0);
+ if (rc) {
+ LDAPDebug2Args(LDAP_DEBUG_ANY,
+ "Creating db handle to rename %s to %s failed.\n",
+ tmpid2entry, id2entry);
+ goto bail;
+ }
rc = db->rename(db, tmpid2entry, NULL, id2entry, 0);
if (rc) {
LDAPDebug2Args(LDAP_DEBUG_ANY, "Renaming %s to %s failed.\n",
commit 1882249170ea2cf7ba683e214cd30a92fada7dfb
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Wed Nov 2 09:43:08 2011 -0700
Bug 750625 - Fix Coverity (11094) Dereference after null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/dse.c (dse_callback_removefromlist)
Bug Description: Passing null variable "filter" to function
"strcmpi_fast", which dereferences it.
If filter and t->filter have a chance to be NULL, the case
should be avoided before passing them to strcasecmp.
Fix Description: adding a check if "filter" and "t->filter"
are NULL or not. If both are not NULL, they are passed to
strcasecmp. If either is NULL and another is not, that is
they did not match.
diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
index 727e999..c4fa333 100644
--- a/ldap/servers/slapd/dse.c
+++ b/ldap/servers/slapd/dse.c
@@ -334,8 +334,9 @@ dse_callback_removefromlist(struct dse_callback **pplist, int operation, int fla
if ((t->operation == operation) && (t->flags == flags) &&
(t->fn == fn) && (scope == t->scope) &&
(slapi_sdn_compare(base,t->base) == 0) &&
- (( NULL == filter && NULL == t->filter ) ||
- (strcasecmp(filter, t->filter) == 0))) {
+ ((NULL == filter && NULL == t->filter) || /* both are NULL OR */
+ ((filter && t->filter) && /* both are not NULL AND match. */
+ (strcasecmp(filter, t->filter) == 0)))) {
if (prev == NULL) {
*pplist= t->next;
} else {
commit bc9d890f48c4515162e6fbdd4af485b8649b0035
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Wed Nov 2 09:37:33 2011 -0700
Bug 750625 - Fix Coverity (11095) Explicit null dereferenced
https://bugzilla.redhat.com/show_bug.cgi?id=750625
lib/libaccess/lasdns.cpp (LASDnsEval)
Bug Description: LASDnsBuild could fail and context->Table could
be left as NULL. Error checking for LASDnsBuild should be added.
Fix Description: If LASDnsBuild returns LAS_EVAL_INVALID, return
LAS_EVAL_FAIL there.
diff --git a/lib/libaccess/lasdns.cpp b/lib/libaccess/lasdns.cpp
index 6956878..e4032f1 100644
--- a/lib/libaccess/lasdns.cpp
+++ b/lib/libaccess/lasdns.cpp
@@ -389,7 +389,13 @@ int LASDnsEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
return LAS_EVAL_FAIL;
}
context->Table = NULL;
- LASDnsBuild(errp, attr_pattern, context, aliasflg);
+ if (LASDnsBuild(errp, attr_pattern, context, aliasflg) ==
+ LAS_EVAL_INVALID) {
+ /* Error is already printed in LASDnsBuild */
+ ACL_CritExit();
+ return LAS_EVAL_FAIL;
+ }
+ /* After this line, it is assured context->Table is not NULL. */
} else {
context = (LASDnsContext *) *LAS_cookie;
}
commit a578520d2c0deb4dc216282ebad29e7f00006d7b
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Wed Nov 2 09:31:30 2011 -0700
Bug 750625 - Fix Coverity (11096) Explicit null dereferenced
https://bugzilla.redhat.com/show_bug.cgi?id=750625
lib/libaccess/aclutil.cpp (LASGroupEval)
Bug Description: Dereferencing null variable "req_time".
Fix Description: Check "req_time" when it's returned from acl_
get_req_time. If it is NULL, return LAS_EVAL_FAIL and it does
not go further. Also, adding a check for the malloc failure to
acl_get_req_time.
diff --git a/lib/libaccess/aclutil.cpp b/lib/libaccess/aclutil.cpp
index 77bdf60..baf58c8 100644
--- a/lib/libaccess/aclutil.cpp
+++ b/lib/libaccess/aclutil.cpp
@@ -247,13 +247,16 @@ time_t *acl_get_req_time (PList_t resource)
{
time_t *req_time = 0;
int rv = PListGetValue(resource, ACL_ATTR_TIME_INDEX, (void **)&req_time,
- NULL);
+ NULL);
if (rv < 0) {
- req_time = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t));
- time(req_time);
- PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME,
- (void *)req_time, NULL);
+ req_time = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t));
+ if (NULL == req_time) {
+ return NULL;
+ }
+ time(req_time);
+ PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME,
+ (void *)req_time, NULL);
}
return req_time;
diff --git a/lib/libaccess/lasgroup.cpp b/lib/libaccess/lasgroup.cpp
index 6e6602a..8cc78cf 100644
--- a/lib/libaccess/lasgroup.cpp
+++ b/lib/libaccess/lasgroup.cpp
@@ -126,12 +126,14 @@ int LASGroupEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
return LAS_EVAL_FAIL;
}
- rv = LAS_EVAL_FALSE;
+ /* Regardless of cache, req_time needs to be filled. */
+ req_time = acl_get_req_time(resource);
+ if (NULL == req_time) {
+ return LAS_EVAL_FAIL;
+ }
+ rv = LAS_EVAL_FALSE;
if (acl_usr_cache_enabled()) {
- /* avoid unnecessary system call to get time if cache is disabled */
- req_time = acl_get_req_time(resource);
-
/* Loop through all the groups and check if any is in the cache */
group = groups;
delim = ',';
commit bc678280b2609a34800d85dcc6baba39bfb0c2bc
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:21:09 2011 -0700
Bug 750625 - Fix Coverity (11107) Dereference before null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/acl/acl.c (acl__resource_match_aci)
Bug Description: Dereferencing "aclpb" before a null check.
Fix Description: Since there is a chance that passed "aclpb" is NULL,
acl__resource_match_aci checks if "aclpb" is NULL or not at the top
of the function and if it is, goto acl__resource_match_aci_EXIT.
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 0ae1a24..9c3db10 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -1985,7 +1985,8 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int *
struct slapi_filter *f; /* filter */
int rv; /* return value */
- int matches;
+ /* Assume that resource matches */
+ int matches = ACL_TRUE;
int attr_matched;
int attr_matched_in_targetattrfilters = 0;
int dn_matched;
@@ -2003,10 +2004,10 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int *
TNF_PROBE_0_DEBUG(acl__resource_match_aci_start,"ACL","");
- aclpb->aclpb_stat_aclres_matched++;
-
- /* Assume that resource matches */
- matches = ACL_TRUE;
+ if (NULL == aclpb) {
+ matches = ACL_FALSE;
+ goto acl__resource_match_aci_EXIT;
+ }
/* Figure out if the acl has the correct rights or not */
aci_right = aci->aci_access;
@@ -2634,7 +2635,7 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int *
** be rare). In that case, just remember it. An entry test rule
** doesn't have "(targetattr)".
*/
- if (aclpb && (aclpb->aclpb_state & ACLPB_EVALUATING_FIRST_ATTR) &&
+ if ((aclpb->aclpb_state & ACLPB_EVALUATING_FIRST_ATTR) &&
(!(aci->aci_type & ACI_TARGET_ATTR))) {
aclpb->aclpb_state |= ACLPB_FOUND_A_ENTRY_TEST_RULE;
}
@@ -2653,7 +2654,10 @@ acl__resource_match_aci_EXIT:
* even if the aci did not finally match.
* All the partial strings will be freed at aclpb
* cleanup time.
- */
+ */
+ if (ACL_TRUE == matches) {
+ aclpb->aclpb_stat_aclres_matched++;
+ }
TNF_PROBE_0_DEBUG(acl__resource_match_aci_end,"ACL","");
commit 4272e8f59c0fc5fb9d6edb4f7af1d9fa348620c4
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:14:59 2011 -0700
Bug 750625 - Fix Coverity (11108) Sizeof not portable
https://bugzilla.redhat.com/show_bug.cgi?id=750625
lib/libaccess/oneeval.cpp (ACLEvalBuildContext)
Bug Description: Passing argument "8UL /* sizeof (PList_t *) */
* ace->expr_term_index" to function "INTsystem_calloc_perm" and
then casting the return value to "PList_t *" is suspicious. Did
you intend to use "sizeof(PList_t)" instead of "sizeof (PList_t *)"?
In this particular case sizeof(PList_t *) happens to be equal to
sizeof(PList_t), but this is not a portable assumption.
Fix Description: replace sizeof(PList_t *) with sizesof(PList_t).
Note: PList_t is typedef of (PListStruct_t *). I.e., sizeof(PList_t)
and sizeof(PList_t *) are identical. Therefore, this is not a major
problem at all.
diff --git a/lib/libaccess/oneeval.cpp b/lib/libaccess/oneeval.cpp
index f3283b6..eff4e10 100644
--- a/lib/libaccess/oneeval.cpp
+++ b/lib/libaccess/oneeval.cpp
@@ -463,7 +463,7 @@ ACLEvalBuildContext(
if (rv > 0) {
/* First one for this ACE? */
if (!new_ace->autharray) {
- new_ace->autharray = (PList_t *)PERM_CALLOC(sizeof(PList_t *) * ace->expr_term_index);
+ new_ace->autharray = (PList_t *)PERM_CALLOC(sizeof(PList_t) * ace->expr_term_index);
if (!new_ace->autharray) {
nserrGenerate(errp, ACLERRNOMEM, ACLERR4040, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPointerArray));
goto error;
commit 9265113fa31adfc13cf2e30d4f362e25ada15582
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:12:50 2011 -0700
Bug 750625 - Fix Coverity (11109, 11110, 11111) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/replication/cl5_config.c (changelog5_read_config)
Bug Description: Using uninitialized value "config.dir".
changelog config is set with the changelog config entry in
changelog5_read_config. If the search for the config entry
succeeds but there's no entry returned (actually, there is
no such case, though), the config structure is not initialized.
Fix Description: if changelog config entry search is success and
no entry is returned, initialize the config structure with NULLs.
diff --git a/ldap/servers/plugins/replication/cl5_config.c b/ldap/servers/plugins/replication/cl5_config.c
index 09c5eca..980cb7f 100644
--- a/ldap/servers/plugins/replication/cl5_config.c
+++ b/ldap/servers/plugins/replication/cl5_config.c
@@ -125,29 +125,35 @@ int changelog5_read_config (changelog5Config *config)
int rc = LDAP_SUCCESS;
Slapi_PBlock *pb;
- pb = slapi_pblock_new ();
- slapi_search_internal_set_pb (pb, CONFIG_BASE, LDAP_SCOPE_BASE, CONFIG_FILTER, NULL, 0, NULL,
- NULL, repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
+ pb = slapi_pblock_new ();
+ slapi_search_internal_set_pb (pb, CONFIG_BASE, LDAP_SCOPE_BASE,
+ CONFIG_FILTER, NULL, 0, NULL, NULL,
+ repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
slapi_search_internal_pb (pb);
- slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_RESULT, &rc );
- if ( LDAP_SUCCESS == rc )
+ slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_RESULT, &rc );
+ if ( LDAP_SUCCESS == rc )
{
- Slapi_Entry **entries = NULL;
- slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries );
- if ( NULL != entries && NULL != entries[0])
+ Slapi_Entry **entries = NULL;
+ slapi_pblock_get( pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries );
+ if ( NULL != entries && NULL != entries[0])
{
- /* Extract the config info from the changelog entry */
+ /* Extract the config info from the changelog entry */
changelog5_extract_config(entries[0], config);
- }
- }
+ }
+ else
+ {
+ memset (config, 0, sizeof (*config));
+ rc = LDAP_SUCCESS;
+ }
+ }
else
{
memset (config, 0, sizeof (*config));
- rc = LDAP_SUCCESS;
+ rc = LDAP_SUCCESS;
}
- slapi_free_search_results_internal(pb);
- slapi_pblock_destroy(pb);
+ slapi_free_search_results_internal(pb);
+ slapi_pblock_destroy(pb);
return rc;
}
commit 46d55a49e4137cbbf430246046f816aa957049ed
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:09:37 2011 -0700
Bug 750625 - Fix Coverity (11112) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/replication/repl5_replica_config.c (replica_execute_ldif2cl_task)
Bug Description: Using uninitialized "config.dir" when calling
"cl5Open".
config.dir is set in changelog5_extract_config. If any error
such as fail to read changelog config entry, NULL is set and
following cl5Open fails.
Fix Description: check if config.dir is NULL or not in error logging.
diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
index eb23c21..e0e11e9 100644
--- a/ldap/servers/plugins/replication/repl5_replica_config.c
+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
@@ -1052,7 +1052,7 @@ static int replica_execute_ldif2cl_task (Object *r, char *returntext)
{
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"replica_execute_ldif2cl_task: failed to start changelog at %s\n",
- config.dir);
+ config.dir?config.dir:"null config dir");
rc = LDAP_OPERATIONS_ERROR;
}
bail:
commit 3b58c25ccfb4de60ca9c928874e0d68418011524
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:06:54 2011 -0700
Bug 750625 - Fix Coverity (11113) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/auditlog.c (write_audit_log_entry)
Bug Description: Using uninitialized value "change" when
calling "write_audit_file".
If it is not a supported operation type, no need to log it
in the audit log.
Fix Description: Once it's determined as an unsupported
operation type, return without calling write_audit_file.
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
index d000550..0128f2f 100644
--- a/ldap/servers/slapd/auditlog.c
+++ b/ldap/servers/slapd/auditlog.c
@@ -66,37 +66,39 @@ write_audit_log_entry( Slapi_PBlock *pb )
Slapi_DN *sdn;
const char *dn;
void *change;
- int flag = 0;
- Operation *op;
+ int flag = 0;
+ Operation *op;
- /* if the audit log is not enabled, just skip all of
- this stuff */
- if (!config_get_auditlog_logging_enabled()) {
- return;
- }
+ /* if the audit log is not enabled, just skip all of
+ this stuff */
+ if (!config_get_auditlog_logging_enabled()) {
+ return;
+ }
- slapi_pblock_get( pb, SLAPI_OPERATION, &op );
+ slapi_pblock_get( pb, SLAPI_OPERATION, &op );
slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
- dn = slapi_sdn_get_dn(sdn);
switch ( operation_get_type(op) )
- {
+ {
case SLAPI_OPERATION_MODIFY:
- slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change );
- break;
+ slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change );
+ break;
case SLAPI_OPERATION_DELETE:
- {
- char * deleterDN = NULL;
- slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &deleterDN);
- change = deleterDN;
- }
- break;
-
+ {
+ char * deleterDN = NULL;
+ slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &deleterDN);
+ change = deleterDN;
+ }
+ break;
+
case SLAPI_OPERATION_MODDN:
- slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change );
- slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag );
- break;
+ slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change );
+ slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag );
+ break;
+ default:
+ return; /* Unsupported operation type. */
}
curtime = current_time();
+ dn = slapi_sdn_get_dn(sdn);
write_audit_file( operation_get_type(op), dn, change, flag, curtime );
}
commit 558cc6e401055c24edb2d375726c9338c6d15b8a
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:04:21 2011 -0700
Bug 750625 - Fix Coverity (11114, 11115) Uninitialized value use
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/back-ldbm/ancestorid.c (ldbm_ancestorid_index_update)
Bug Description: Uninitialized "sdn" and "nextsdn" when calling
"slapi_sdn_done".
Variable "sdn" and "nextsdn" should have been initialized before
any chances to goto "out".
Fix Description: initialize "sdn" and "nextsdn" before the first
"goto out".
diff --git a/ldap/servers/slapd/back-ldbm/ancestorid.c b/ldap/servers/slapd/back-ldbm/ancestorid.c
index 15fb7e0..2f32f8f 100644
--- a/ldap/servers/slapd/back-ldbm/ancestorid.c
+++ b/ldap/servers/slapd/back-ldbm/ancestorid.c
@@ -725,6 +725,9 @@ static int ldbm_ancestorid_index_update(
int err = 0, ret = 0;
DB_TXN *db_txn = txn != NULL ? txn->back_txn_txn : NULL;
+ slapi_sdn_init(&sdn);
+ slapi_sdn_init(&nextsdn);
+
/* Open the ancestorid index */
ainfo_get(be, LDBM_ANCESTORID_STR, &ai);
ret = dblayer_get_index_file(be, ai, &db, DBOPEN_CREATE);
@@ -733,8 +736,6 @@ static int ldbm_ancestorid_index_update(
goto out;
}
- slapi_sdn_init(&sdn);
- slapi_sdn_init(&nextsdn);
slapi_sdn_copy(low, &sdn);
if (include_low == 0) {
@@ -819,7 +820,7 @@ static int ldbm_ancestorid_index_update(
} while (ret == 0);
- out:
+out:
slapi_sdn_done(&sdn);
slapi_sdn_done(&nextsdn);
commit c92ba0b22a1b6d0f468a12ff4cf045c7e313dc3a
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:02:09 2011 -0700
Bug 750625 - Fix Coverity (11116) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/back-ldbm/ldbm_entryrdn.c (entryrdn_lookup_dn)
Bug Description: Using uninitialized "data.data" when calling
"slapi_ch_free". If invalid NULL arguments or invalid DN is
passed or opening cursor failed, uninitialized data.data is freed.
Fix Description: initialize data if there is a chance to call
slapi_ch_free.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
index 54f22a3..1573f1f 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
@@ -1026,7 +1026,7 @@ entryrdn_lookup_dn(backend *be,
"entryrdn_lookup_dn: Param error: Empty %s\n",
NULL==be?"backend":NULL==rdn?"rdn":0==id?"id":
NULL==dn?"dn container":"unknown");
- goto bail;
+ return rc;
}
*dn = NULL;
@@ -1040,6 +1040,7 @@ entryrdn_lookup_dn(backend *be,
return rc;
}
+ memset(&data, 0, sizeof(data));
/* Make a cursor */
rc = db->cursor(db, db_txn, &cursor, 0);
if (rc) {
@@ -1064,7 +1065,6 @@ entryrdn_lookup_dn(backend *be,
}
/* Setting the bulk fetch buffer */
- memset(&data, 0, sizeof(data));
data.flags = DB_DBT_MALLOC;
do {
commit 3ee18083403cc8307ddecbb4abba48c62dad8475
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 18:00:13 2011 -0700
Bug 750625 - Fix Coverity (11117) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/tools/ldclt/ldapfct.c (getPending)
Bug Description: Using uninitialized value "verb" when calling
"printf".
Fix Description: If the mode is not the supported operations,
getPending immediately return instead of going forward.
diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
index 4d58d88..fd291bb 100644
--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
@@ -2348,24 +2348,25 @@ getPending (
expected = LDAP_RES_ADD;
verb = "ldap_add";
}
+ else if (tttctx->mode & DELETE_ENTRIES)
+ {
+ expected = LDAP_RES_DELETE;
+ verb = "ldap_delete";
+ }
+ else if (tttctx->mode & RENAME_ENTRIES)
+ {
+ expected = LDAP_RES_MODRDN;
+ verb = "ldap_rename";
+ }
+ else if (tttctx->mode & ATTR_REPLACE) /*JLS 21-11-00*/
+ {
+ expected = LDAP_RES_MODIFY; /*JLS 21-11-00*/
+ verb = "ldap_modify"; /*JLS 21-11-00*/
+ }
else
- if (tttctx->mode & DELETE_ENTRIES)
- {
- expected = LDAP_RES_DELETE;
- verb = "ldap_delete";
- }
- else
- if (tttctx->mode & RENAME_ENTRIES)
- {
- expected = LDAP_RES_MODRDN;
- verb = "ldap_rename";
- }
- else /*JLS 21-11-00*/
- if (tttctx->mode & ATTR_REPLACE) /*JLS 21-11-00*/
- { /*JLS 21-11-00*/
- expected = LDAP_RES_MODIFY; /*JLS 21-11-00*/
- verb = "ldap_modify"; /*JLS 21-11-00*/
- } /*JLS 21-11-00*/
+ {
+ return (-1);
+ }
/*
* Here, we are in asynchronous mode...
commit 003812911f56619f0db58ba627037644fb0f68fb
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 17:52:03 2011 -0700
Bug 750625 - Fix Coverity (11054) Dereference after null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/pw.c (new_passwdPolicy)
Bug Description: Passing null variable "pb" to function "get_entry",
which dereferences it.
Fix Description: if NULL pblock is passed, new_passworPolicy does not
go forward, but returns immediately.
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 8138d05..ed8d2c8 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -343,20 +343,21 @@ pw_encodevals_ext( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals )
passwdPolicy *pwpolicy=NULL;
char *(*pws_enc) ( char *pwd ) = NULL;
- if ( vals == NULL ) {
+ if ( (NULL == pb) || (NULL == vals) ) {
return( 0 );
}
/* new_passwdPolicy gives us a local policy if sdn and pb are set and
can be used to find a local policy, else we get the global policy */
- pwpolicy = new_passwdPolicy(pb, sdn ? (char*)slapi_sdn_get_ndn(sdn) : NULL );
+ pwpolicy = new_passwdPolicy(pb, sdn ? (char*)slapi_sdn_get_ndn(sdn) : NULL);
+ if (pwpolicy) {
+ if (pwpolicy->pw_storagescheme) {
+ pws_enc = pwpolicy->pw_storagescheme->pws_enc;
+ }
- if (pwpolicy->pw_storagescheme) {
- pws_enc = pwpolicy->pw_storagescheme->pws_enc;
+ delete_passwdPolicy(&pwpolicy);
}
- delete_passwdPolicy(&pwpolicy);
-
/* Password scheme encryption function was not found */
if ( pws_enc == NULL ) {
return( 0 );
@@ -1527,19 +1528,23 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
char ebuf[ BUFSIZ ];
int optype = -1;
+ /* RFE - is there a way to make this work for non-existent entries
+ * when we don't pass in pb? We'll need to do this if we add support
+ * for password policy plug-ins. */
+ if (NULL == pb) {
+ LDAPDebug0Args(LDAP_DEBUG_ANY,
+ "new_passwdPolicy: NULL pblock was passed.\n");
+ return NULL;
+ }
slapdFrontendConfig = getFrontendConfig();
pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy));
- if (pb) {
- slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
- }
+ slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &optype );
if (dn && (slapdFrontendConfig->pwpolicy_local == 1)) {
/* If we're doing an add, COS does not apply yet so we check
parents for the pwdpolicysubentry. We look only for virtual
attributes, because real ones are for single-target policy. */
- /* NGK - is there a way to make this work for non-existent entries when we don't pass in pb? We'll
- * need to do this if we add support for password policy plug-ins. */
if (optype == SLAPI_OPERATION_ADD) {
char *parentdn = slapi_ch_strdup(dn);
char *nextdn = NULL;
commit 0ae39ce5b3050d49005d632ed420d8c80e834b7e
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 17:49:39 2011 -0700
Bug 750625 - Fix Coverity (11055) Explicit null dereferenced
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/automember/automember.c (automember_pre_op)
Bug Description: Passing null variable "e" to function
"automember_parse_config_entry", which dereferences it.
Missing a check of the NULL possibility of target entry "e".
Fix Description: Check if "e" is NULL or not. If it is, goto "bail".
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
index 89ed1da..010b5ac 100644
--- a/ldap/servers/plugins/automember/automember.c
+++ b/ldap/servers/plugins/automember/automember.c
@@ -1593,6 +1593,11 @@ automember_pre_op(Slapi_PBlock * pb, int modop)
if (LDAP_CHANGETYPE_ADD == modop) {
slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
+ /* If the entry doesn't exist, just bail and
+ * let the server handle it. */
+ if (e == NULL) {
+ goto bail;
+ }
} else if (LDAP_CHANGETYPE_MODIFY == modop) {
/* Fetch the entry being modified so we can
* create the resulting entry for validation. */
commit e8a685f2c4f0227cf96e246799ed14ec6d71b30f
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 17:45:35 2011 -0700
Bug 750625 - Fix Coverity (11057) Dereference null return value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/acl/aclutil.c (aclutil_expand_paramString)
Bug Description: Dereferencing a null pointer "a_dns".
Missing a check of the NULL possibilities for slapi_entry_get_ndn(e),
str and their exploded results.
Fix Description: check if slapi_entry_get_ndn(e), str and their
exploded values are NULL or not. If any of the values are NULL,
it does not go further, but returns.
diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c
index d572911..2f24da3 100644
--- a/ldap/servers/plugins/acl/aclutil.c
+++ b/ldap/servers/plugins/acl/aclutil.c
@@ -555,9 +555,14 @@ aclutil_expand_paramString ( char *str, Slapi_Entry *e )
int rc = -1;
char *buf = NULL;
-
+ if ((NULL == slapi_entry_get_ndn ( e )) || (NULL == str)) {
+ return NULL;
+ }
e_dns = slapi_ldap_explode_dn ( slapi_entry_get_ndn ( e ), 0 );
a_dns = slapi_ldap_explode_dn ( str, 0 );
+ if ((NULL == e_dns) || (NULL == a_dns)) {
+ goto cleanup;
+ }
i = 0;
ncomponents = 0;
commit 4cb3e1d280133d47919b11e52d33b8d375f2d459
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 17:00:15 2011 -0700
Bug 750625 - Fix Coverity (11058, 11059) Dereference null return value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/referint/referint.c (_update_one_per_mod, _update_all_per_mod)
Bug Description: Dereferencing a null pointer "dnParts".
Missing a check of the NULL possibilities for origDN and exploded origDN.
Fix Description: check if origDN and dnParts are NULL or not.
If NULL, it does not go forward, but goto bail.
diff --git a/ldap/servers/plugins/referint/referint.c b/ldap/servers/plugins/referint/referint.c
index 57ee6df..9c655ca 100644
--- a/ldap/servers/plugins/referint/referint.c
+++ b/ldap/servers/plugins/referint/referint.c
@@ -394,8 +394,19 @@ _update_one_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */
int nval = 0;
Slapi_Value *v = NULL;
+ if (NULL == origDN) {
+ slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
+ "_update_one_value: NULL dn was passed\n");
+ goto bail;
+ }
/* need to put together rdn into a dn */
dnParts = slapi_ldap_explode_dn( origDN, 0 );
+ if (NULL == dnParts) {
+ slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
+ "_update_one_value: failed to explode dn %s\n",
+ origDN);
+ goto bail;
+ }
if (NULL == newRDN) {
newRDN = dnParts[0];
}
@@ -510,7 +521,7 @@ _update_one_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */
}
slapi_ch_free_string(&newDN);
}
-
+bail:
return rc;
}
@@ -554,7 +565,7 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */
rc = _do_modify(mod_pb, entrySDN, mods, txn);
if (rc) {
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
- "_update_one_value: entry %s: deleting \"%s: %s\" failed (%d)"
+ "_update_all_per_mod: entry %s: deleting \"%s: %s\" failed (%d)"
"\n", slapi_sdn_get_dn(entrySDN), attrName, origDN, rc);
}
} else {
@@ -563,8 +574,19 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */
int nval = 0;
Slapi_Value *v = NULL;
+ if (NULL == origDN) {
+ slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
+ "_update_all_per_mod: NULL dn was passed\n");
+ goto bail;
+ }
/* need to put together rdn into a dn */
dnParts = slapi_ldap_explode_dn( origDN, 0 );
+ if (NULL == dnParts) {
+ slapi_log_error(SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
+ "_update_all_per_mod: failed to explode dn %s\n",
+ origDN);
+ goto bail;
+ }
if (NULL == newRDN) {
newRDN = dnParts[0];
}
@@ -635,7 +657,7 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */
rc = _do_modify(mod_pb, entrySDN, slapi_mods_get_ldapmods_byref(smods), txn);
if (rc) {
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
- "_update_all_value: entry %s failed (%d)\n",
+ "_update_all_per_mod: entry %s failed (%d)\n",
slapi_sdn_get_dn(entrySDN), rc);
}
@@ -647,7 +669,7 @@ _update_all_per_mod(Slapi_DN *entrySDN, /* DN of the searched entry */
slapi_ch_free_string(&newDN);
slapi_mods_free(&smods);
}
-
+bail:
return rc;
}
commit bf22994835706ff2287673bcb52c29447acba88d
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:54:55 2011 -0700
Bug 750625 - Fix Coverity (11060) Dereference null return value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/back-ldbm/ldbm_modrdn.c (moddn_rename_child_entry)
Bug Description: Dereferencing a null pointer "olddns".
Missing a check of the NULL possibilities for olddns and olddn.
Fix Description: check if olddn and olddns are NULL or not.
If NULL, it does not go forward, but returns.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index 493e476..ac5c775 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -409,7 +409,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
int err = 0;
Slapi_DN ancestorsdn;
struct backentry *ancestorentry;
- slapi_sdn_init(&ancestorsdn);
+ slapi_sdn_init(&ancestorsdn);
ancestorentry= dn2ancestor(be,&dn_newdn,&ancestorsdn,&txn,&err);
CACHE_RETURN( &inst->inst_cache, &ancestorentry );
ldap_result_matcheddn= slapi_ch_strdup((char *) slapi_sdn_get_dn(&ancestorsdn));
@@ -1534,7 +1534,7 @@ moddn_rename_child_entry(
*
* JCM - This was written before Slapi_RDN... so this could be made much neater.
*/
- int retval;
+ int retval = 0;
char *olddn;
char *newdn;
char **olddns;
@@ -1543,7 +1543,13 @@ moddn_rename_child_entry(
int i;
olddn = slapi_entry_get_dn(ec->ep_entry);
+ if (NULL == olddn) {
+ return retval;
+ }
olddns = slapi_ldap_explode_dn( olddn, 0 );
+ if (NULL == olddns) {
+ return retval;
+ }
for(;olddns[olddncomps]!=NULL;olddncomps++);
for(i=0;i<olddncomps-parentdncomps;i++)
{
commit 63daf8e367997db2380e3a0c5e8935f38cf0c10c
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:50:12 2011 -0700
Bug 750625 - Fix Coverity (11061) Resource leak
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/mapping_tree.c (mapping_tree_entry_add)
Bug Description: Variable "subtree" going out of scope leaks
the storage it points to.
Slapi_DN subtree leaks when defbackend_get_backend returns NULL.
Fix Description: Free "subtree" before returning.
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
index 64a00bf..935e34a 100644
--- a/ldap/servers/slapd/mapping_tree.c
+++ b/ldap/servers/slapd/mapping_tree.c
@@ -753,6 +753,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep )
LDAPDebug(LDAP_DEBUG_ANY,
"ERROR: default container has not been created for the NULL SUFFIX node.\n",
0, 0, 0);
+ slapi_sdn_free(&subtree);
return -1;
}
@@ -810,7 +811,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep )
"ERROR: node %s cannot find distribution plugin. "
SLAPI_COMPONENT_NAME_NSPR " %d (%s)\n",
slapi_entry_get_dn(entry), PR_GetError(), slapd_pr_strerror(PR_GetError()));
- slapi_sdn_free(&subtree);
+ slapi_sdn_free(&subtree);
slapi_ch_free((void **) &plugin_funct);
slapi_ch_free((void **) &plugin_lib);
free_mapping_tree_node_arrays(&be_list, &be_names, &be_states, &be_list_count);
@@ -837,6 +838,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep )
}
/* Now we can create the node for this mapping tree entry. */
+ /* subtree is consumed. */
node= mapping_tree_node_new(subtree, be_list, be_names, be_states, be_list_count,
be_list_size, referral, parent_node, state,
0 /* Normal node. People can see and change it. */,
commit 938046cc40ac35abc0d6fb83a7af67eda3196c03
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:46:45 2011 -0700
Bug 750625 - Fix Coverity (11064) Dereference before null check
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/pw_retry.c (get_entry)
Bug Description: Dereferencing pointer "pb" before a null check.
Fix Description: Check if "pb" is NULL or not first. If NULL,
goto bail.
diff --git a/ldap/servers/slapd/pw_retry.c b/ldap/servers/slapd/pw_retry.c
index 9c801ad..5244622 100644
--- a/ldap/servers/slapd/pw_retry.c
+++ b/ldap/servers/slapd/pw_retry.c
@@ -209,9 +209,15 @@ Slapi_Entry *get_entry ( Slapi_PBlock *pb, const char *dn)
Slapi_DN *target_sdn = NULL;
Slapi_DN sdn;
+ if (NULL == pb) {
+ LDAPDebug(LDAP_DEBUG_ANY, "get_entry - no pblock specified.\n",
+ 0, 0, 0);
+ goto bail;
+ }
+
slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn );
- if ((dn == NULL) && pb) {
+ if (dn == NULL) {
dn = slapi_sdn_get_dn(target_sdn);
}
commit f67d3ba0e58ce4f36947871ad2ace39e57f1b949
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:43:56 2011 -0700
Bug 750625 - Fix Coverity (11065) Uninitialized pointer read
https://bugzilla.redhat.com/show_bug.cgi?id=750625
plugins/pam_passthru/pam_ptimpl.c (do_one_pam_auth)
Bug Description: Using uninitialized value "pam_id.str" when
calling "delete_my_str_buf".
Fix Description: Initialize pam_id.str with NULL in case bindsdn
is NULL.
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
index 2aedec7..c0f03be 100644
--- a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
+++ b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
@@ -280,6 +280,7 @@ do_one_pam_auth(
if (NULL == bindsdn) {
errmsg = PR_smprintf("Null bind dn");
retcode = LDAP_OPERATIONS_ERROR;
+ pam_id.str = NULL; /* initialize pam_id.str */
goto done; /* skip the pam stuff */
}
binddn = slapi_sdn_get_dn(bindsdn);
commit 601cba05de70076d33a0d6b2032ab85c0d490ba6
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:40:32 2011 -0700
Bug 750625 - Fix Coverity (11066) Unused pointer value
https://bugzilla.redhat.com/show_bug.cgi?id=750625
slapd/opshared.c (op_shared_search)
Bug Description: A pointer "normbase" returned by "slapi_sdn_get_
dn(sdn)" is never used.
Fix description: removing the line that normbase is set.
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index f2ef9cc..bf6b016 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -704,7 +704,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
slapi_sdn_free(&sdn);
sdn = slapi_sdn_dup(be_suffix);
slapi_pblock_set(pb, SLAPI_SEARCH_TARGET_SDN, (void *)sdn);
- normbase = slapi_sdn_get_dn(sdn);
}
}
}
12 years, 1 month
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/dn.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
New commits:
commit 54a3d99a96d84b42f680da43c7f638009c0f64d4
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:05:12 2011 -0700
Bug 750624 - Fix Coverity (11053) Explicit null dereferenced:
slapi_dn_normalize_ext (slapd/dn.c)
https://bugzilla.redhat.com/show_bug.cgi?id=750624
Bug Description: Dereferencing null variable "d".
There is no possibility that (rc > 0) && (d == NULL), but it's
safe to check if d is not NULL before assigning '\0' to *d.
Fix Description: add checking if "d" is NULL or not before
assigning '\0' to *d.
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index e5b9db9..2b0b338 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -515,7 +515,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
int chkblank = 0;
int is_dn_syntax = 0;
- if (NULL == dest) {
+ if ((NULL == dest) || (NULL == dest_len)) {
goto bail;
}
if (NULL == src) {
@@ -544,7 +544,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
}
}
if (0 == src_len) { /* src == "" */
- goto bail;
+ goto bail; /* need to bail after setting up *dest and rc */
}
ends = src + src_len;
@@ -1081,7 +1081,7 @@ bail:
}
}
*dest_len = 0;
- } else if (rc > 0) {
+ } else if (d && rc > 0) {
/* We terminate the str with NULL only when we allocate the str */
*d = '\0';
}
12 years, 1 month
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/sasl_map.c | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit 6af5ece3ca029271f2b2180c24bad546e2d64c45
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Tue Nov 1 16:03:57 2011 -0700
Bug 750622 - Fix Coverity (11104) Resource leak:
ids_sasl_user_to_entry (slapd/saslbind.c)
https://bugzilla.redhat.com/show_bug.cgi?id=750622
Bug Description: sasl_map_domap allocates strings for "base" and
"filter" in it; the caller ids_sasl_user_to_entry releases them
only when the function returns non-0 regexmatch (matched), but
even if the return value is 0 (did not match), the strings are
allocated.
Fix Description: underlying function sasl_map_check frees "base"
and "filter" if mapping did not match.
diff --git a/ldap/servers/slapd/sasl_map.c b/ldap/servers/slapd/sasl_map.c
index e934b11..1bdaa20 100644
--- a/ldap/servers/slapd/sasl_map.c
+++ b/ldap/servers/slapd/sasl_map.c
@@ -558,6 +558,8 @@ sasl_map_check(sasl_map_data *dp, char *sasl_user_and_realm, char **ldap_search_
"sasl_map_check: slapi_re_subs failed: "
"subject: %s, subst str: %s (%d)\n",
sasl_user_and_realm, dp->template_base_dn, rc);
+ slapi_ch_free_string(ldap_search_base);
+ slapi_ch_free_string(ldap_search_filter);
} else {
/* Substitutes '&' and/or "\#" in template_search_filter */
rc = slapi_re_subs(re, sasl_user_and_realm,
@@ -568,6 +570,8 @@ sasl_map_check(sasl_map_data *dp, char *sasl_user_and_realm, char **ldap_search_
"sasl_map_check: slapi_re_subs failed: "
"subject: %s, subst str: %s (%d)\n",
sasl_user_and_realm, dp->template_search_filter, rc);
+ slapi_ch_free_string(ldap_search_base);
+ slapi_ch_free_string(ldap_search_filter);
} else {
/* these values are internal regex representations with
* lots of unprintable control chars - escape for logging */
12 years, 1 month
2 commits - ldap/servers
by Richard Allen Megginson
ldap/servers/slapd/csnset.c | 4 +++-
ldap/servers/slapd/entrywsi.c | 18 +++---------------
2 files changed, 6 insertions(+), 16 deletions(-)
New commits:
commit c07717326879119f321512d87e558b69045a86fd
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Oct 28 12:51:08 2011 -0600
Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication
https://bugzilla.redhat.com/show_bug.cgi?id=748575
Resolves: bug 748575
Bug Description: rhds81 modrdn operation and 100% cpu use in replication
Reviewed by: ???
Branch: master
Fix Description: The entry code takes great pains to add or insert in
ascending order the dncsn to the e_dncsnset. But the only place this is
ever used is in the call to entry_get_dncsn, which just calls
csnset_get_last_csn, which just gets the last one in the list. Since the
last one in the list is the one with the greatest csn, and the function
csnset_update_csn already stores the greatest csn, we can just use that
function, rather than using csnset_add and insert and building a potentially
very large list. This should also have the effect of making importing
a replica init LDIF faster.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index dc038ba..506a1f9 100644
--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -184,10 +184,7 @@ int
entry_add_dncsn(Slapi_Entry *entry, const CSN *csn)
{
PR_ASSERT(entry!=NULL);
- if(!csnset_contains(entry->e_dncsnset,csn))
- {
- csnset_add_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
- }
+ csnset_update_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
return 0;
}
@@ -204,17 +201,7 @@ int
entry_add_dncsn_ext(Slapi_Entry *entry, const CSN *csn, PRUint32 flags)
{
PR_ASSERT(entry!=NULL);
- if(!csnset_contains(entry->e_dncsnset,csn))
- {
- if (flags & ENTRY_DNCSN_INCREASING)
- {
- csnset_insert_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
- }
- else
- {
- csnset_add_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
- }
- }
+ csnset_update_csn(&entry->e_dncsnset, CSN_TYPE_VALUE_DISTINGUISHED, csn);
return 0;
}
commit 23467126c33a1f6004bb8357d87bc355a53eb25d
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Oct 26 17:13:28 2011 -0600
Bug 748575 - rhds81 modrn operation and 100% cpu use in replication
https://bugzilla.redhat.com/show_bug.cgi?id=748575
Resolves: bug 748575
Bug Description: rhds81 modrn operation and 100% cpu use in replication
Reviewed by: ???
Branch: master
Fix Description: The modrdn operation causes the entry to be copied multiple
times by calling slapi_entry_dup. This in turn does a csnset_dup of the
e_dncsnset in the entry. This function was very inefficient. It would simply
call csnset_add_csn, which would iterate to the end of the linked list
for every addition. Once you get several thousand items in the list, it
has to iterate to the end of several thousand items each time. I changed it
to keep track of the last item in the list, and just add the new item to the
end of the list. This improves the performance quite a bit, but the cpu
still gets pegged at a high percentage eventually, it just takes longer to
reach that point.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/slapd/csnset.c b/ldap/servers/slapd/csnset.c
index 645c17e..d98cecf 100644
--- a/ldap/servers/slapd/csnset.c
+++ b/ldap/servers/slapd/csnset.c
@@ -374,11 +374,13 @@ CSNSet *
csnset_dup(const CSNSet *csnset)
{
CSNSet *newcsnset= NULL;
+ CSNSet **curnode = &newcsnset;
const CSNSet *n= csnset;
while(n!=NULL)
{
- csnset_add_csn(&newcsnset,n->type,&n->csn);
+ csnset_add_csn(curnode,n->type,&n->csn);
n= n->next;
+ curnode = &((*curnode)->next);
}
return newcsnset;
}
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index 9087651..dc038ba 100644
--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -358,6 +358,7 @@ entry_purge_state_information(Slapi_Entry *e, const CSN *csnUpTo)
*/
attr_purge_state_information(e, a, csnUpTo);
}
+ csnset_purge(&e->e_dncsnset, csnUpTo);
}
/*
12 years, 1 month