ldap/servers/slapd/back-ldbm/dblayer.c | 8 +++++++-
ldap/servers/slapd/back-ldbm/ldbm_attr.c | 4 ++++
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 5 +++--
ldap/servers/slapd/main.c | 1 +
ldap/servers/slapd/slap.h | 5 +++++
5 files changed, 20 insertions(+), 3 deletions(-)
New commits:
commit 99176404bfe76ee9fcf48b8b28750ec3979ec020
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Sep 28 15:28:28 2016 -0700
Ticket #48987 - Heap use after free in dblayer_close_indexes
Description: Once an attribute info is deleted, its backpointer
dblayer_handle_ai_backpointer in the dblayer handle needs to be
set to NULL not to access the address again. We also need to set
this to null from within the dblayer_close_indexes because there
is no guarantee on the order that we free the handle or the
attrinfo.
https://fedorahosted.org/389/ticket/48987
Author: nhosoi, wibrown
Review: nhosoi (Thanks!)
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c
b/ldap/servers/slapd/back-ldbm/dblayer.c
index 4bcc4a2..56792c3 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -2493,7 +2493,13 @@ int dblayer_close_indexes(backend *be)
pDB = handle->dblayer_dbp;
return_value |= pDB->close(pDB,0);
next = handle->dblayer_handle_next;
- *((dblayer_handle **)handle->dblayer_handle_ai_backpointer) = NULL;
+ /* If the backpointer is still valid, NULL the attrinfos ref to us
+ * This is important as there is no ordering guarantee between if the
+ * handle or the attrinfo is freed first!
+ */
+ if (handle->dblayer_handle_ai_backpointer) {
+ *((dblayer_handle **)handle->dblayer_handle_ai_backpointer) = NULL;
+ }
slapi_ch_free((void**)&handle);
}
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c
b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
index 30b0f2a..331554e 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
@@ -59,6 +59,10 @@ attrinfo_delete(struct attrinfo **pp)
slapi_ch_free((void**)&((*pp)->ai_attrcrypt));
attr_done(&((*pp)->ai_sattr));
attrinfo_delete_idlistinfo(&(*pp)->ai_idlistinfo);
+ if ((*pp)->ai_dblayer) {
+ /* attriinfo is deleted. Cleaning up the backpointer at the same time. */
+ ((dblayer_handle *)((*pp)->ai_dblayer))->dblayer_handle_ai_backpointer
= NULL;
+ }
slapi_ch_free((void**)pp);
*pp= NULL;
}
commit beb217ed410738ba466c2d0cb015ab8c907617c0
Author: William Brown <firstyear(a)redhat.com>
Date: Tue Nov 8 16:30:01 2016 +1000
Ticket 48945 - Improve db2ldif error message.
Bug Description: When db2ldif fails, because the command is run as root it
confuses the admin when it gets permission denied.
Fix Description: Flag that we are running as the dirsrv user.
https://fedorahosted.org/389/ticket/48945
Author: wibrown
Review by: nhosoi (Thanks!)
diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
index f9de439..f8fed7c 100644
--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
@@ -1259,8 +1259,9 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb )
SLAPD_DEFAULT_FILE_MODE);
}
if (fd < 0) {
- slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_ldbm2ldif", "db2ldif:
can't open %s: %d (%s)\n",
- fname, errno, dblayer_strerror(errno));
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_ldbm2ldif", "db2ldif:
can't open %s: %d (%s) while running as user \"%s\"\n",
+ fname, errno, dblayer_strerror(errno),
slapdFrontendConfig->localuserinfo->pw_name);
return_value = -1;
goto bye;
}
diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
index 7b7a5ed..158d49d 100644
--- a/ldap/servers/slapd/main.c
+++ b/ldap/servers/slapd/main.c
@@ -234,6 +234,7 @@ fix_ownership(void)
return;
}
+ /* Provided the dse.ldif was read, this should never happen .... */
if (slapdFrontendConfig->localuserinfo == NULL) {
pw = getpwnam( slapdFrontendConfig->localuser );
if ( NULL == pw ) {
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 674da83..f98c7b5 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -118,6 +118,11 @@ typedef struct symbol_t {
#include "csngen.h"
#include "uuid.h"
+/* Because we provide getFrontendConfig, and that contains localuserinfo, we
+ * need to provide pwd.h to allow resolution of the passwd struct.
+ */
+#include <pwd.h>
+
#ifdef ENABLE_NUNC_STANS
#include <nunc-stans/nunc-stans.h>
#endif