[openldap/f16] fix: replication (syncrepl) with TLS causes segfault
jvcelak
jvcelak at fedoraproject.org
Tue Jan 31 17:35:34 UTC 2012
commit 1d993ab8cc9edb455ea8268cc1da6b0d2e0b9200
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Tue Jan 31 18:10:55 2012 +0100
fix: replication (syncrepl) with TLS causes segfault
Resolves: #783431
openldap-nss-deferred-init-copy-params.patch | 125 ++++++++++++++++++++++++++
openldap.spec | 5 +-
2 files changed, 129 insertions(+), 1 deletions(-)
---
diff --git a/openldap-nss-deferred-init-copy-params.patch b/openldap-nss-deferred-init-copy-params.patch
new file mode 100644
index 0000000..7c45e92
--- /dev/null
+++ b/openldap-nss-deferred-init-copy-params.patch
@@ -0,0 +1,125 @@
+Replication (syncrepl) with TLS causes segfault
+
+Upstream ITS: #7136
+Upstrem commit: 4e9926ca9719a0dab8c780d3d2f4cf4bfc03bfdc
+Resolves: #783431
+Author: Jan Vcelak <jvcelak at redhat.com>
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index da230c5..092b59f 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -1960,6 +1960,66 @@ tlsm_destroy( void )
+ #endif
+ }
+
++static struct ldaptls *
++tlsm_copy_config ( const struct ldaptls *config )
++{
++ struct ldaptls *copy;
++
++ assert(config);
++
++ copy = LDAP_MALLOC(sizeof(*copy));
++ if (!copy)
++ return NULL;
++
++ memset(copy, 0, sizeof(*copy));
++
++ if (config->lt_certfile)
++ copy->lt_certfile = LDAP_STRDUP(config->lt_certfile);
++ if (config->lt_keyfile)
++ copy->lt_keyfile = LDAP_STRDUP(config->lt_keyfile);
++ if (config->lt_dhfile)
++ copy->lt_dhfile = LDAP_STRDUP(config->lt_dhfile);
++ if (config->lt_cacertfile)
++ copy->lt_cacertfile = LDAP_STRDUP(config->lt_cacertfile);
++ if (config->lt_cacertdir)
++ copy->lt_cacertdir = LDAP_STRDUP(config->lt_cacertdir);
++ if (config->lt_ciphersuite)
++ copy->lt_ciphersuite = LDAP_STRDUP(config->lt_ciphersuite);
++ if (config->lt_crlfile)
++ copy->lt_crlfile = LDAP_STRDUP(config->lt_crlfile);
++ if (config->lt_randfile)
++ copy->lt_randfile = LDAP_STRDUP(config->lt_randfile);
++
++ copy->lt_protocol_min = config->lt_protocol_min;
++
++ return copy;
++}
++
++static void
++tlsm_free_config ( struct ldaptls *config )
++{
++ assert(config);
++
++ if (config->lt_certfile)
++ LDAP_FREE(config->lt_certfile);
++ if (config->lt_keyfile)
++ LDAP_FREE(config->lt_keyfile);
++ if (config->lt_dhfile)
++ LDAP_FREE(config->lt_dhfile);
++ if (config->lt_cacertfile)
++ LDAP_FREE(config->lt_cacertfile);
++ if (config->lt_cacertdir)
++ LDAP_FREE(config->lt_cacertdir);
++ if (config->lt_ciphersuite)
++ LDAP_FREE(config->lt_ciphersuite);
++ if (config->lt_crlfile)
++ LDAP_FREE(config->lt_crlfile);
++ if (config->lt_randfile)
++ LDAP_FREE(config->lt_randfile);
++
++ LDAP_FREE(config);
++}
++
+ static tls_ctx *
+ tlsm_ctx_new ( struct ldapoptions *lo )
+ {
+@@ -1971,7 +2031,7 @@ tlsm_ctx_new ( struct ldapoptions *lo )
+ #ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_init( &ctx->tc_refmutex );
+ #endif
+- ctx->tc_config = &lo->ldo_tls_info; /* pointer into lo structure - must have global scope and must not go away before we can do real init */
++ ctx->tc_config = NULL; /* populated later by tlsm_ctx_init */
+ ctx->tc_certdb = NULL;
+ ctx->tc_certname = NULL;
+ ctx->tc_pin_file = NULL;
+@@ -2038,6 +2098,10 @@ tlsm_ctx_free ( tls_ctx *ctx )
+ #ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_destroy( &c->tc_refmutex );
+ #endif
++
++ if ( c->tc_config )
++ tlsm_free_config( c->tc_config );
++
+ LDAP_FREE( c );
+ }
+
+@@ -2048,6 +2112,7 @@ static int
+ tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+ {
+ tlsm_ctx *ctx = (tlsm_ctx *)lo->ldo_tls_ctx;
++ ctx->tc_config = tlsm_copy_config(lt);
+ ctx->tc_is_server = is_server;
+
+ return 0;
+@@ -2067,7 +2132,7 @@ tlsm_deferred_ctx_init( void *arg )
+
+ if ( tlsm_deferred_init( ctx ) ) {
+ Debug( LDAP_DEBUG_ANY,
+- "TLS: could perform TLS system initialization.\n",
++ "TLS: could not perform TLS system initialization.\n",
+ 0, 0, 0 );
+ return -1;
+ }
+@@ -2333,6 +2398,9 @@ tlsm_deferred_ctx_init( void *arg )
+ return -1;
+ }
+
++ tlsm_free_config( ctx->tc_config );
++ ctx->tc_config = NULL;
++
+ return 0;
+ }
+
diff --git a/openldap.spec b/openldap.spec
index a0dec3f..50468e3 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -42,6 +42,7 @@ Patch16: openldap-dns-priority.patch
Patch17: openldap-man-ldap-sync.patch
Patch18: openldap-nss-handshake-threadsafe.patch
Patch19: openldap-syncrepl-unset-tls-options.patch
+Patch20: openldap-nss-deferred-init-copy-params.patch
# patches for the evolution library (see README.evolution)
Patch200: openldap-evolution-ntlm.patch
@@ -154,6 +155,7 @@ pushd openldap-%{version}
%patch17 -p1 -b .man-ldap-sync
%patch18 -p1 -b .nss-handshake-threadsafe
%patch19 -p1 -b .syncrepl-unset-tls-options
+%patch20 -p1 -b .nss-deferred-init-copy-params
cp %{_datadir}/libtool/config/config.{sub,guess} build/
@@ -679,8 +681,9 @@ exit 0
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
%changelog
-* Fri Jan 06 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.26-6
+* Tue Jan 31 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.26-6
- fix requires of main package to include %{?_isa}
+- fix: replication (syncrepl) with TLS causes segfault (#783431)
* Thu Oct 06 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.26-5
- rebuild: openldap does not work after libdb rebase (#743824)
More information about the scm-commits
mailing list