[389-devel] Please review: [389 Project] #47707: 389 DS Server crashes and dies while handles paged searches from clients

Noriko Hosoi nhosoi at redhat.com
Wed Apr 30 01:05:44 UTC 2014


https://fedorahosted.org/389/ticket/47707

https://fedorahosted.org/389/attachment/ticket/47707/0001-Ticket-47707-389-DS-Server-crashes-and-dies-while-ha.patch

  Bug Description: If a simple paged search request was sent to the server
  and the request was abandoned, the paged result slot in the connection
  table was not properly released by setting NULL to pr_current_be.  Since
  the slot did not look available for the next request even though it was,
  the next request failed to get the valid slot number, and the initial slot
  number -1 failed to be replaced with the real slot number.  Until the fix
  for "Ticket #47623 fix memleak caused by 47347" was made, it overrode the
  allocated array's [-1] location, which usually stores the meta data of the
  allocated memory.  That crashed the server in the next realloc since the
  corrupted memory was passed to the function.

  Fix Description: This patch cleans up the abandoned/cleaned up slot for
  reuse.  Also, more checks not to break the meta data are added.

  Special thanks to German Parente (gparente at redhat.com) for providing the
  reproducer and analysing the crash.
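
The failure mode in the bug description, reduced to a simplified model as an added example (not code from the patch or from 389 DS). Apart from `pr_current_be`, every name here (`pr_table`, `pr_acquire`, `pr_abandon`, `pr_set_count`) and the two-slot table size are assumptions made for illustration.

```c
#include <stdio.h>
#define PR_MAX_SLOTS 2                 /* constructed: tiny table for the demo */

typedef struct {
    const void *pr_current_be;         /* NULL marks the slot as free */
    int count;                         /* hypothetical per-search state */
} pr_slot;
typedef struct { pr_slot slots[PR_MAX_SLOTS]; } pr_table;   /* hypothetical */

/* Claim the first free slot; -1 means no slot looked free. */
int pr_acquire(pr_table *t, const void *be) {
    for (int i = 0; i < PR_MAX_SLOTS; i++)
        if (t->slots[i].pr_current_be == NULL) {
            t->slots[i].pr_current_be = be;
            return i;
        }
    return -1;
}

/* Abandon a search. release_slot == 0 models the behaviour before the fix. */
void pr_abandon(pr_table *t, int idx, int release_slot) {
    if (idx < 0 || idx >= PR_MAX_SLOTS) return;
    t->slots[idx].count = 0;
    if (release_slot)
        t->slots[idx].pr_current_be = NULL;   /* slot becomes reusable */
}

/* Guarded write: an index of -1 must never reach slots[-1]. */
int pr_set_count(pr_table *t, int idx, int count) {
    if (t == NULL || idx < 0 || idx >= PR_MAX_SLOTS)
        return -1;
    t->slots[idx].count = count;
    return 0;
}

/* Fill the table, abandon every search, then ask for one more slot. */
int pr_next_slot_after_abandon(int release_slot) {
    static const int backend = 1;      /* stand-in for a backend handle */
    pr_table t = {0};
    for (int i = 0; i < PR_MAX_SLOTS; i++)
        pr_abandon(&t, pr_acquire(&t, &backend), release_slot);
    return pr_acquire(&t, &backend);
}

int main(void) {
    printf("not released: %d, released: %d\n",
           pr_next_slot_after_abandon(0), pr_next_slot_after_abandon(1));
    return 0;
}
```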



