https://fedorahosted.org/389/ticket/48298
https://fedorahosted.org/389/attachment/ticket/48298/0001-Ticket-48298-ns-sl...
On 09/29/2015 08:15 AM, 389 Project wrote:
Comment:
Unfortunately, it did not pass the IPA tests.
Bug Description: The cause of the problem is rather not a race condition but accessing an already freed agreement in a plug-in:
The crashed thread is deleting an agreement object, which calls mep_pre_op.
It eventually calls op_shared_search with the deleted agreement object with base scope and filter "(|(objectclass=*)(objectclass=ldapsubentry))". Since it is a DSE entry it goes to dse_search, in which it calls agmt_get_replarea and crashes in slapi_sdn_copy by NULL dereference in from SDN...
Fix Description: This patch adds the check to agmt_get_replarea, in which if the agreement is not in the agreement list, it returns NULL repl area. When the NULL repl area is returned the callers back off with an error.
Thanks, --noriko
389-devel@lists.fedoraproject.org
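A minimal model of the fix described in the message above, as an added example that is not the patch from the ticket and not 389-ds-base code. All names (`agmt`, `live_agmts`, `get_replarea`, `search_agmt`, `agmt_delete`) are hypothetical, and the delete path is assumed to unlink and tear down the agreement before the pre-op hook searches it.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for illustration; not 389-ds-base types or functions. */
typedef struct agmt { const char *replarea; struct agmt *next; } agmt;
static agmt *live_agmts;      /* agreements that are still valid */
static int last_hook_result;  /* what the pre-op hook saw during the last delete */

agmt *agmt_add(const char *replarea) {
    agmt *a = malloc(sizeof *a);
    if (a == NULL) return NULL;
    a->replarea = replarea;   /* borrowed string, kept simple for the example */
    a->next = live_agmts;
    return live_agmts = a;
}

static int agmt_is_live(const agmt *a) {
    for (const agmt *p = live_agmts; p != NULL; p = p->next)
        if (p == a) return 1;
    return 0;
}

/* Returns a copy of the replicated area, or NULL if the agreement is not listed. */
char *get_replarea(const agmt *a) {
    if (a == NULL || !agmt_is_live(a)) return NULL;  /* the membership check */
    char *copy = malloc(strlen(a->replarea) + 1);
    return copy ? strcpy(copy, a->replarea) : NULL;
}

int search_agmt(const agmt *a) {
    char *area = get_replarea(a);
    if (area == NULL) return -1;   /* caller backs off with an error */
    free(area);
    return 0;
}

/* Delete: unlink, tear down, run the pre-op hook (modelled as a search), free. */
void agmt_delete(agmt *a) {
    if (a == NULL) return;
    for (agmt **pp = &live_agmts; *pp != NULL; pp = &(*pp)->next)
        if (*pp == a) { *pp = a->next; break; }
    a->replarea = NULL;                 /* without the check: strlen(NULL) */
    last_hook_result = search_agmt(a);  /* struct itself is still allocated */
    free(a);
}

int main(void) {
    agmt_delete(agmt_add("dc=example,dc=com"));  /* constructed sample value */
    return last_hook_result == -1 ? 0 : 1;
}
```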