authorNoriko Hosoi <nhosoi@redhat.com>2010-03-11 16:51:26 -0800
committerNoriko Hosoi <nhosoi@redhat.com>2010-03-11 16:51:26 -0800
commit2b39f92cf4bd22e2091c35b0c92e945423b311ef (patch)
tree3b1d5835f04bc942f4cf10245b6da428bcec81b9
parentdc2f7d061279089651fb56b57183496cf6926fc7 (diff)
572649 - DS8.2 crashes on RHEL 4 (corresponding to bob, ber_2 test case)
https://bugzilla.redhat.com/show_bug.cgi?id=572649 Fix Description: It was possible to jump to error_return before the back_txn structure was initialized. The error handling then called the transaction abort on a garbage address. The Slapi_DN was also freed without having been initialized. These variables are now initialized first.
-rw-r--r--ldap/servers/slapd/back-ldbm/ldbm_add.c1
-rw-r--r--ldap/servers/slapd/back-ldbm/ldbm_delete.c8
-rw-r--r--ldap/servers/slapd/back-ldbm/ldbm_modify.c2
-rw-r--r--ldap/servers/slapd/back-ldbm/ldbm_modrdn.c6
-rw-r--r--ldap/servers/slapd/plugin_syntax.c3
5 files changed, 15 insertions, 5 deletions
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index 11b2fa64..d2d6197e 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -130,6 +130,7 @@ ldbm_back_add( Slapi_PBlock *pb )
inst = (ldbm_instance *) be->be_instance_info;
+ /* sdn & parentsdn need to be initialized before "goto *_return" */
slapi_sdn_init(&sdn);
slapi_sdn_init(&parentsdn);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
index 82241146..98374ee5 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
@@ -100,6 +100,12 @@ ldbm_back_delete( Slapi_PBlock *pb )
slapi_pblock_get( pb, SLAPI_OPERATION, &operation );
slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation );
+ /* sdn & parentsdn need to be initialized before "goto *_return */
+ slapi_sdn_init(&sdn);
+
+ /* dblayer_txn_init needs to be called before "goto error_return" */
+ dblayer_txn_init(li,&txn);
+
if (pb->pb_conn)
{
slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_delete", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid);
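Review bot: The comment added above `slapi_sdn_init(&sdn);` names `parentsdn`, which this hunk does not initialize, and its opening quotation mark is never closed; `/* sdn needs to be initialized before "goto *_return" */` would match the code. The comment added in ldbm_modrdn.c has a similar copy-paste mismatch: it says sdn & parentsdn while the calls below it initialize `dn_newdn` and `dn_parentdn`. Separately, `dblayer_txn_init(li,&txn)` now runs earlier and the hunk does not show where `li` is assigned, so it is worth confirming that `li` has been read from the pblock above this point (the same holds for the moved calls in ldbm_modify.c and ldbm_modrdn.c). ldbm_back_delete starts and ends outside the hunk.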
@@ -125,8 +131,6 @@ ldbm_back_delete( Slapi_PBlock *pb )
slapi_sdn_init_dn_byref(&sdn,dn);
- dblayer_txn_init(li,&txn);
-
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
* which means that we run faster.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index 3cda1d80..cf41a64b 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -226,6 +226,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
inst = (ldbm_instance *) be->be_instance_info;
+ dblayer_txn_init(li,&txn);
if (NULL == addr)
{
goto error_return;
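Review bot: The moved `dblayer_txn_init(li,&txn);` carries no comment here, although the same move in ldbm_delete.c and ldbm_modrdn.c is annotated, so nothing tells a later editor that the call must stay above the first `goto error_return`. I would add `/* dblayer_txn_init needs to be called before "goto error_return" */` directly above it. Because the fix depends purely on statement order, initializing `txn` at its declaration would be sturdier against a future early `goto`; the declaration is outside this hunk, so whether that is practical here needs checking.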
@@ -237,7 +238,6 @@ ldbm_back_modify( Slapi_PBlock *pb )
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
goto error_return;
}
- dblayer_txn_init(li,&txn);
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index 5e2b1851..a3f19297 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -109,6 +109,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
char ebuf[BUFSIZ];
CSN *opcsn = NULL;
+ /* sdn & parentsdn need to be initialized before "goto *_return" */
slapi_sdn_init(&dn_newdn);
slapi_sdn_init(&dn_parentdn);
@@ -121,6 +122,9 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation );
is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP);
+ /* dblayer_txn_init needs to be called before "goto error_return" */
+ dblayer_txn_init(li,&txn);
+
if (pb->pb_conn)
{
slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_modrdn", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid);
@@ -159,8 +163,6 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
return( -1 );
}
- dblayer_txn_init(li,&txn);
-
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
* which means that we run faster.
diff --git a/ldap/servers/slapd/plugin_syntax.c b/ldap/servers/slapd/plugin_syntax.c
index 80ce12a7..384692db 100644
--- a/ldap/servers/slapd/plugin_syntax.c
+++ b/ldap/servers/slapd/plugin_syntax.c
@@ -335,6 +335,7 @@ slapi_dn_syntax_check(
/* See if we need to set the error text in the pblock. */
if (errp != &errtext[0]) {
+ /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */
slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
}
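Review bot: The new comment reads as if the SLAPI_PB_RESULT_TEXT parameter does the copying, whereas what it means to say is that `slapi_pblock_set` duplicates the string for that parameter. Something like `/* slapi_pblock_set copies the text for SLAPI_PB_RESULT_TEXT, so errtext need not outlive this call */` states the lifetime guarantee a reader needs, which matters if `errtext` is a local buffer (its declaration is outside the hunk). The same wording appears in the slapi_entry_syntax_check and slapi_mods_syntax_check hunks.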
@@ -424,6 +425,7 @@ slapi_entry_syntax_check(
/* See if we need to set the error text in the pblock. */
if (errp != &errtext[0]) {
+ /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */
slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
}
@@ -510,6 +512,7 @@ slapi_mods_syntax_check(
/* See if we need to set the error text in the pblock. */
if (errp != &errtext[0]) {
+ /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */
slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
}