Branch '389-ds-base-1.2.11' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/cos/cos_cache.c | 82 ++++++++++++++++++++---------------
1 file changed, 48 insertions(+), 34 deletions(-)
New commits:
commit 8f39dd5f9f32645177417d32fb9c987a35ddd33e
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Jan 24 18:12:32 2014 -0800
Ticket #47649 - Server hangs in cos_cache when adding a user entry
Bug description: cos_dn_defs_cb reads cosDefinition and sets up the cos
Definition part of cos cache. In the function, when processing
cosAttribute, cosTargetTree and cosTemlpateDn are missing, it sets the
parent dn of the cos definition dn. This parent setting is needed only
when the 2 attributes are completely missing from the cos definition.
But if the attributes are located below cosAttribute (see the Example
cos definition), in addition to "cn=cosTemplates,ou=people,dc=example,
dc=com", the parent of "cn=generatePostalCode,ou=People,dc=example,dc=com"
is added to the cos cache as cosTemplateDn.
Example cos definition:
dn: cn=generatePostalCode,ou=People,dc=example,dc=com
description: generate postalCode attr based on location
objectClass: top
objectClass: ldapsubentry
objectClass: cossuperdefinition
objectClass: cosClassicDefinition
cosAttribute: postalCode
costemplatedn: cn=cosTemplates,ou=people,dc=example,dc=com
cosSpecifier: l
cn: generatePostalCode
The mistakenly added cosTemplatedDn makes adding an entry under ou=People
notify recreating the cos cache. The notification needs to be outside of
backend transaction since it causes a deadlock with the cos_cache_wait_
on_change thread which cannot read the DB due to the transaction but holds
the lock that the notifier thread is waiting for.
Fix description: The parent of the cos definition dn is set to the
cosTargetTree and the cosTemlpateDn, only when the attributes are
completely missing.
https://fedorahosted.org/389/ticket/47649
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
(cherry picked from commit 1e52401d3abd0377f55676f4a1508a02aaa7f955)
(cherry picked from commit 01c0794cde7eb91a1a4e477a0286533df4a4ae38)
(cherry picked from commit 1ebad4bd50fb1483998a32b5d3e232e89aeda0f7)
diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c
index 895154d..1ff02f9 100644
--- a/ldap/servers/plugins/cos/cos_cache.c
+++ b/ldap/servers/plugins/cos/cos_cache.c
@@ -767,7 +767,8 @@ struct dn_defs_info {
* if a particular attempt to add a definition fails: info.ret gets set to
* zero only if we succed to add a def.
*/
-static int cos_dn_defs_cb (Slapi_Entry* e, void *callback_data)
+static int
+cos_dn_defs_cb (Slapi_Entry* e, void *callback_data)
{
struct dn_defs_info *info;
cosAttrValue **pSneakyVal = 0;
@@ -917,31 +918,10 @@ static int cos_dn_defs_cb (Slapi_Entry* e, void *callback_data)
dnVals[valIndex]->bv_val);
}
- if(!pCosTargetTree)
- {
- /* get the parent of the definition */
- char *orig = slapi_dn_parent(pDn->val);
- Slapi_DN *psdn = slapi_sdn_new_dn_byval(orig);
- char *parent = (char *)slapi_sdn_get_dn(psdn);
- if (!parent) {
- parent = (char *)slapi_sdn_get_udn(psdn);
- LDAPDebug(LDAP_DEBUG_ANY,
- "cos_cache_build_definition_list: "
- "failed to normalize parent dn %s. "
- "Adding the pre normalized dn.\n",
- parent, 0, 0);
- }
- cos_cache_add_attrval(&pCosTargetTree, parent);
- if (!pCosTemplateDn) {
- cos_cache_add_attrval(&pCosTemplateDn, parent);
- }
- slapi_sdn_free(&psdn);
- }
-
slapi_vattrspi_regattr((vattr_sp_handle *)vattr_handle,
dnVals[valIndex]->bv_val, NULL, NULL);
} /* if(attrType is cosAttribute) */
-
+
/*
* Add the attributetype to the appropriate
* list.
@@ -953,6 +933,47 @@ static int cos_dn_defs_cb (Slapi_Entry* e, void *callback_data)
ber_bvecfree( dnVals );
dnVals = NULL;
} while(!slapi_entry_next_attr(e, dnAttr, &dnAttr));
+
+ if (pCosAttribute && (!pCosTargetTree || !pCosTemplateDn)) {
+ /* get the parent of the definition */
+ char *orig = slapi_dn_parent(pDn->val);
+ char *parent = NULL;
+ if (orig) {
+ parent = slapi_create_dn_string("%s", orig);
+ if (!parent) {
+ parent = orig;
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+ "cos_dn_defs_cb: "
+ "failed to normalize parent dn %s. "
+ "Adding the pre normalized dn.\n",
+ parent);
+ }
+ if (!pCosTargetTree) {
+ cos_cache_add_attrval(&pCosTargetTree, parent);
+ }
+ if (!pCosTemplateDn) {
+ cos_cache_add_attrval(&pCosTemplateDn, parent);
+ }
+ if (parent != orig) {
+ slapi_ch_free_string(&parent);
+ }
+ slapi_ch_free_string(&orig);
+ } else {
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+ "cos_dn_defs_cb: "
+ "failed to get parent dn of cos definition %s.\n",
+ pDn->val);
+ if (!pCosTemplateDn) {
+ if (!pCosTargetTree) {
+ LDAPDebug0Args(LDAP_DEBUG_ANY, "cosTargetTree and cosTemplateDn are not set.\n");
+ } else {
+ LDAPDebug0Args(LDAP_DEBUG_ANY, "cosTemplateDn is not set.\n");
+ }
+ } else if (!pCosTargetTree) {
+ LDAPDebug0Args(LDAP_DEBUG_ANY, "cosTargetTree is not set.\n");
+ }
+ }
+ }
/*
determine the type of class of service scheme
@@ -991,9 +1012,7 @@ static int cos_dn_defs_cb (Slapi_Entry* e, void *callback_data)
*/
/* these must exist */
- if( pDn &&
- pObjectclass &&
-
+ if(pDn && pObjectclass &&
(
(cosType == COSTYPE_CLASSIC &&
pCosTemplateDn &&
@@ -3623,14 +3642,9 @@ static int cos_cache_entry_is_cos_related( Slapi_Entry *e) {
{
pObj = (char*)slapi_value_get_string(val);
- /*
- * objectclasses are ascii--maybe strcasecmp() is faster than
- * slapi_utf8casecmp()
- */
- if( !strcasecmp(pObj, "cosdefinition") ||
- !strcasecmp(pObj, "cossuperdefinition") ||
- !strcasecmp(pObj, "costemplate")
- )
+ if(!strcasecmp(pObj, "cosdefinition") ||
+ !strcasecmp(pObj, "cossuperdefinition") ||
+ !strcasecmp(pObj, "costemplate"))
{
rc = 1;
}
8 years, 10 months
Branch '389-ds-base-1.2.11' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5_protocol_util.c | 5 +++--
ldap/servers/slapd/modify.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
New commits:
commit ad5314fe74344005770356aebe479016395774cf
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri May 9 10:24:27 2014 -0400
Ticket 47772 - fix coverity issue
12565 - resource leak
12564 - Explicit null dereferenced
https://fedorahosted.org/389/ticket/47772
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit 24d44ba65398470fc8056b14b77b34b5d660f34e)
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 2fbe7c4..827ed58 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -689,16 +689,17 @@ protocol_response2string (int response)
int
repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
{
- char **a = agmt_get_fractional_attrs(agmt);
+ char **a;
char **attrs_to_strip;
int retval = 0;
int strip = 1;
int i, j, k;
if (mods == NULL) {
- return retval;
+ return retval;
}
+ a = agmt_get_fractional_attrs(agmt);
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 5f8a0ac..90c9f8c 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -402,8 +402,8 @@ do_modify( Slapi_PBlock *pb )
"mod includes invalid dn format", 0, NULL);
goto free_and_return;
}
+ slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
}
- slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
op_shared_modify ( pb, pw_change, old_pw );
8 years, 10 months
Branch '389-ds-base-1.3.0' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5_protocol_util.c | 5 +++--
ldap/servers/slapd/modify.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
New commits:
commit f86e1a2bce63852486e65d596b97a01722d3b4a2
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri May 9 10:24:27 2014 -0400
Ticket 47772 - fix coverity issue
12565 - resource leak
12564 - Explicit null dereferenced
https://fedorahosted.org/389/ticket/47772
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit 24d44ba65398470fc8056b14b77b34b5d660f34e)
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 2fbe7c4..827ed58 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -689,16 +689,17 @@ protocol_response2string (int response)
int
repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
{
- char **a = agmt_get_fractional_attrs(agmt);
+ char **a;
char **attrs_to_strip;
int retval = 0;
int strip = 1;
int i, j, k;
if (mods == NULL) {
- return retval;
+ return retval;
}
+ a = agmt_get_fractional_attrs(agmt);
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index d26ade1..9f41762 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -402,8 +402,8 @@ do_modify( Slapi_PBlock *pb )
"mod includes invalid dn format", 0, NULL);
goto free_and_return;
}
+ slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
}
- slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
op_shared_modify ( pb, pw_change, old_pw );
8 years, 10 months
Branch '389-ds-base-1.3.1' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5_protocol_util.c | 5 +++--
ldap/servers/slapd/modify.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
New commits:
commit 85cc40c590be2eb7b1bc427297d468ffe661a9ac
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri May 9 10:24:27 2014 -0400
Ticket 47772 - fix coverity issue
12565 - resource leak
12564 - Explicit null dereferenced
https://fedorahosted.org/389/ticket/47772
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit 24d44ba65398470fc8056b14b77b34b5d660f34e)
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 893839d..6ff750b 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -689,16 +689,17 @@ protocol_response2string (int response)
int
repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
{
- char **a = agmt_get_fractional_attrs(agmt);
+ char **a;
char **attrs_to_strip;
int retval = 0;
int strip = 1;
int i, j, k;
if (mods == NULL) {
- return retval;
+ return retval;
}
+ a = agmt_get_fractional_attrs(agmt);
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 51d4194..b3068c2 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -412,8 +412,8 @@ do_modify( Slapi_PBlock *pb )
"mod includes invalid dn format", 0, NULL);
goto free_and_return;
}
+ slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
}
- slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
op_shared_modify ( pb, pw_change, old_pw );
8 years, 10 months
Branch '389-ds-base-1.3.2' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5_protocol_util.c | 5 +++--
ldap/servers/slapd/modify.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
New commits:
commit b12c22bf724afa275d4f573d33c1671c4ba27b04
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri May 9 10:24:27 2014 -0400
Ticket 47772 - fix coverity issue
12565 - resource leak
12564 - Explicit null dereferenced
https://fedorahosted.org/389/ticket/47772
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit 24d44ba65398470fc8056b14b77b34b5d660f34e)
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 893839d..6ff750b 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -689,16 +689,17 @@ protocol_response2string (int response)
int
repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
{
- char **a = agmt_get_fractional_attrs(agmt);
+ char **a;
char **attrs_to_strip;
int retval = 0;
int strip = 1;
int i, j, k;
if (mods == NULL) {
- return retval;
+ return retval;
}
+ a = agmt_get_fractional_attrs(agmt);
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 7763700..34fc326 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -413,8 +413,8 @@ do_modify( Slapi_PBlock *pb )
"mod includes invalid dn format", 0, NULL);
goto free_and_return;
}
+ slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
}
- slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
op_shared_modify ( pb, pw_change, old_pw );
8 years, 10 months
ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5_protocol_util.c | 5 +++--
ldap/servers/slapd/modify.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
New commits:
commit 24d44ba65398470fc8056b14b77b34b5d660f34e
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri May 9 10:24:27 2014 -0400
Ticket 47772 - fix coverity issue
12565 - resource leak
12564 - Explicit null dereferenced
https://fedorahosted.org/389/ticket/47772
Reviewed by: rmeggins(Thanks!)
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 893839d..6ff750b 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -689,16 +689,17 @@ protocol_response2string (int response)
int
repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
{
- char **a = agmt_get_fractional_attrs(agmt);
+ char **a;
char **attrs_to_strip;
int retval = 0;
int strip = 1;
int i, j, k;
if (mods == NULL) {
- return retval;
+ return retval;
}
+ a = agmt_get_fractional_attrs(agmt);
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 7763700..34fc326 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -413,8 +413,8 @@ do_modify( Slapi_PBlock *pb )
"mod includes invalid dn format", 0, NULL);
goto free_and_return;
}
+ slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
}
- slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
op_shared_modify ( pb, pw_change, old_pw );
8 years, 10 months
ldap/servers
by Mark Reynolds
ldap/servers/slapd/back-ldbm/ancestorid.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
New commits:
commit cab6a2365b71e81676bafc8b9c7be3ac422b141d
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri May 9 10:04:34 2014 -0400
Ticket 47756 - fix coverity issues
Description: An unnecessary NULL check caused coverity to complain
12559 Dereference after NULL check
12560 Dereference before NULL check
12561 Dereference before NULL check
12562 Dereference before NULL check
https://fedorahosted.org/389/ticket/47756
Reviewed by: rmeggins(Thanks!)
diff --git a/ldap/servers/slapd/back-ldbm/ancestorid.c b/ldap/servers/slapd/back-ldbm/ancestorid.c
index c738b6c..b4d8292 100644
--- a/ldap/servers/slapd/back-ldbm/ancestorid.c
+++ b/ldap/servers/slapd/back-ldbm/ancestorid.c
@@ -112,7 +112,7 @@ static int ldbm_get_nonleaf_ids(backend *be, DB_TXN *txn, IDList **idl, ImportJo
idl_insert(&nodes, id);
}
key_count++;
- if(job && !(key_count % PROGRESS_INTERVAL)){
+ if(!(key_count % PROGRESS_INTERVAL)){
import_log_notice(job, "Gathering ancestorid non-leaf IDs: processed %d%% (ID count %d)",
(key_count * 100 / job->numsubordinates), key_count);
started_progress_logging = 1;
@@ -286,7 +286,7 @@ static int ldbm_ancestorid_default_create_index(backend *be, ImportJob *job)
}
key_count++;
- if(job && !(key_count % PROGRESS_INTERVAL)){
+ if(!(key_count % PROGRESS_INTERVAL)){
import_log_notice(job, "Creating ancestorid index: processed %d%% (ID count %d)",
(key_count * 100 / job->numsubordinates), key_count);
started_progress_logging = 1;
@@ -484,7 +484,7 @@ static int ldbm_ancestorid_new_idl_create_index(backend *be, ImportJob *job)
}
key_count++;
- if(job && !(key_count % PROGRESS_INTERVAL)){
+ if(!(key_count % PROGRESS_INTERVAL)){
import_log_notice(job, "Creating ancestorid index: progress %d%% (ID count %d)",
(key_count * 100 / job->numsubordinates), key_count);
started_progress_logging = 1;
8 years, 10 months
Branch '389-ds-base-1.2.11' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/memberof/memberof.c | 32 +++++++++++++++++++++++--------
1 file changed, 24 insertions(+), 8 deletions(-)
New commits:
commit 5f14af25186ea3c68fafecf034a0563da6fca187
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Thu May 8 15:10:52 2014 -0400
Ticket 47793 - Server crashes if uniqueMember is invalid syntax and memberOf
plugin is enabled.
Bug Description: MemberOf assumes the DN value has the correct syntax, and
does not check the normalized value of that DN. This
leads to dereferencing a NULL pointer and crash.
Fix Description: Check the normalized value, and log a proper error.
https://fedorahosted.org/389/ticket/47793
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 6816e1155b28fb65fe294099336c4acbbac8ad77)
diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
index 49e0d7a..19fb8a5 100644
--- a/ldap/servers/plugins/memberof/memberof.c
+++ b/ldap/servers/plugins/memberof/memberof.c
@@ -1101,17 +1101,33 @@ memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config,
Slapi_Entry *e = 0;
memberofstringll *ll = 0;
char *op_str = 0;
- const char *op_to = slapi_sdn_get_ndn(op_to_sdn);
- const char *op_this = slapi_sdn_get_ndn(op_this_sdn);
- Slapi_Value *to_dn_val = slapi_value_new_string(op_to);
- Slapi_Value *this_dn_val = slapi_value_new_string(op_this);
-
- if(this_dn_val == NULL || to_dn_val == NULL){
+ const char *op_to;
+ const char *op_this;
+ Slapi_Value *to_dn_val = NULL;
+ Slapi_Value *this_dn_val = NULL;
+
+ op_to = slapi_sdn_get_ndn(op_to_sdn);
+ op_this = slapi_sdn_get_ndn(op_this_sdn);
+
+ /* Make sure we have valid DN's for the group(op_this) and the new member(op_to) */
+ if(op_to && op_this){
+ to_dn_val = slapi_value_new_string(op_to);
+ this_dn_val = slapi_value_new_string(op_this);
+ }
+ if(to_dn_val == NULL){
+ const char *udn = op_to_sdn ? slapi_sdn_get_udn(op_to_sdn) : "";
slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_modop_one_replace_r: failed to get DN values (NULL)\n");
+ "memberof_modop_one_replace_r: failed to get DN value from "
+ "member value (%s)\n", udn);
+ goto bail;
+ }
+ if(this_dn_val == NULL){
+ const char *udn = op_this_sdn ? slapi_sdn_get_udn(op_this_sdn) : "";
+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+ "memberof_modop_one_replace_r: failed to get DN value from "
+ "group (%s)\n", udn);
goto bail;
}
-
/* op_this and op_to are both case-normalized */
slapi_value_set_flags(this_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS);
slapi_value_set_flags(to_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS);
8 years, 10 months
Branch '389-ds-base-1.3.1' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/memberof/memberof.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
New commits:
commit 887960db50886495ebb6357f05af18156a0b3a98
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Thu May 8 15:10:52 2014 -0400
Ticket 47793 - Server crashes if uniqueMember is invalid syntax and memberOf
plugin is enabled.
Bug Description: MemberOf assumes the DN value has the correct syntax, and
does not check the normalized value of that DN. This
leads to dereferencing a NULL pointer and crash.
Fix Description: Check the normalized value, and log a proper error.
https://fedorahosted.org/389/ticket/47793
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 6816e1155b28fb65fe294099336c4acbbac8ad77)
diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
index 2bb3ca7..da7b568 100644
--- a/ldap/servers/plugins/memberof/memberof.c
+++ b/ldap/servers/plugins/memberof/memberof.c
@@ -1115,20 +1115,31 @@ memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config,
char *op_str = 0;
const char *op_to;
const char *op_this;
- Slapi_Value *to_dn_val;
- Slapi_Value *this_dn_val;
+ Slapi_Value *to_dn_val = NULL;
+ Slapi_Value *this_dn_val = NULL;
op_to = slapi_sdn_get_ndn(op_to_sdn);
op_this = slapi_sdn_get_ndn(op_this_sdn);
- to_dn_val = slapi_value_new_string(op_to);
- this_dn_val = slapi_value_new_string(op_this);
- if(this_dn_val == NULL || to_dn_val == NULL){
+ /* Make sure we have valid DN's for the group(op_this) and the new member(op_to) */
+ if(op_to && op_this){
+ to_dn_val = slapi_value_new_string(op_to);
+ this_dn_val = slapi_value_new_string(op_this);
+ }
+ if(to_dn_val == NULL){
+ const char *udn = op_to_sdn ? slapi_sdn_get_udn(op_to_sdn) : "";
slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_modop_one_replace_r: failed to get DN values (NULL)\n");
+ "memberof_modop_one_replace_r: failed to get DN value from "
+ "member value (%s)\n", udn);
+ goto bail;
+ }
+ if(this_dn_val == NULL){
+ const char *udn = op_this_sdn ? slapi_sdn_get_udn(op_this_sdn) : "";
+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+ "memberof_modop_one_replace_r: failed to get DN value from"
+ "group (%s)\n", udn);
goto bail;
}
-
/* op_this and op_to are both case-normalized */
slapi_value_set_flags(this_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS);
slapi_value_set_flags(to_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS);
8 years, 10 months
Branch '389-ds-base-1.3.2' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/memberof/memberof.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
New commits:
commit 28fb2192100b11ce024220810f287cea0ce76b43
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Thu May 8 15:10:52 2014 -0400
Ticket 47793 - Server crashes if uniqueMember is invalid syntax and memberOf
plugin is enabled.
Bug Description: MemberOf assumes the DN value has the correct syntax, and
does not check the normalized value of that DN. This
leads to dereferencing a NULL pointer and crash.
Fix Description: Check the normalized value, and log a proper error.
https://fedorahosted.org/389/ticket/47793
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 6816e1155b28fb65fe294099336c4acbbac8ad77)
diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
index 967f16c..a44f94b 100644
--- a/ldap/servers/plugins/memberof/memberof.c
+++ b/ldap/servers/plugins/memberof/memberof.c
@@ -1142,20 +1142,31 @@ memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config,
char *op_str = 0;
const char *op_to;
const char *op_this;
- Slapi_Value *to_dn_val;
- Slapi_Value *this_dn_val;
+ Slapi_Value *to_dn_val = NULL;
+ Slapi_Value *this_dn_val = NULL;
op_to = slapi_sdn_get_ndn(op_to_sdn);
op_this = slapi_sdn_get_ndn(op_this_sdn);
- to_dn_val = slapi_value_new_string(op_to);
- this_dn_val = slapi_value_new_string(op_this);
- if(this_dn_val == NULL || to_dn_val == NULL){
+ /* Make sure we have valid DN's for the group(op_this) and the new member(op_to) */
+ if(op_to && op_this){
+ to_dn_val = slapi_value_new_string(op_to);
+ this_dn_val = slapi_value_new_string(op_this);
+ }
+ if(to_dn_val == NULL){
+ const char *udn = op_to_sdn ? slapi_sdn_get_udn(op_to_sdn) : "";
slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_modop_one_replace_r: failed to get DN values (NULL)\n");
+ "memberof_modop_one_replace_r: failed to get DN value from "
+ "member value (%s)\n", udn);
+ goto bail;
+ }
+ if(this_dn_val == NULL){
+ const char *udn = op_this_sdn ? slapi_sdn_get_udn(op_this_sdn) : "";
+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+ "memberof_modop_one_replace_r: failed to get DN value from"
+ "group (%s)\n", udn);
goto bail;
}
-
/* op_this and op_to are both case-normalized */
slapi_value_set_flags(this_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS);
slapi_value_set_flags(to_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS);
8 years, 10 months