From 188c0e5bd7c9cd90319a1cee29101a9fa3e90564 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Thu, 5 Sep 2013 09:26:43 +0200 Subject: mmap_cache: Do not remove record from chain twice It is not very likely, that record will have the same hash1 and hash2, but it is possible. In this situation, it does not make sense to remove record twice. Function sss_mc_rm_rec_from_chain was not robust and sssd_nss could crash in this situation. It was only possible if record was alone in chain. Resolves: https://fedorahosted.org/sssd/ticket/2049 --- src/responder/nss/nsssrv_mmap_cache.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src') diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index 673ab1a5a..7645fa49e 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -234,6 +234,12 @@ static void sss_mc_rm_rec_from_chain(struct sss_mc_ctx *mcc, } slot = mcc->hash_table[hash]; + if (slot == MC_INVALID_VAL) { + /* record has already been removed. It may happen if rec->hash1 and + * rec->has2 are the same. (It is not very likely). + */ + return; + } cur = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec); if (cur == rec) { /* rec->next can refer to record without matching hashes. -- cgit