From e5697f32aba3987d8e1f23d7e21d1b87ce47a7eb Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Thu, 5 Sep 2013 09:26:43 +0200 Subject: mmap_cache: Do not remove record from chain twice It is not very likely, that record will have the same hash1 and hash2, but it is possible. In this situation, it does not make sense to remove record twice. Function sss_mc_rm_rec_from_chain was not robust and sssd_nss could crash in this situation. It was only possible if record was alone in chain. Resolves: https://fedorahosted.org/sssd/ticket/2049 --- src/responder/nss/nsssrv_mmap_cache.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index 1d35c134d..eaffc3b3e 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -234,6 +234,12 @@ static void sss_mc_rm_rec_from_chain(struct sss_mc_ctx *mcc, } slot = mcc->hash_table[hash]; + if (slot == MC_INVALID_VAL) { + /* record has already been removed. It may happen if rec->hash1 and + * rec->has2 are the same. (It is not very likely). + */ + return; + } cur = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec); if (cur == rec) { /* rec->next can refer to record without matching hashes. -- cgit