572649 - DS8.2 crashes on RHEL 4 (corresponding to bob, ber_2 test case)

https://bugzilla.redhat.com/show_bug.cgi?id=572649

Fix Description: There was a chance to jump to error_return before
back_txn structure was initialized.  In the error handling, the
transaction abort is called against the garbage address.  Slapi_DN
also gets freed without an initialization.  Now these variables
are initialized first.

1 files changed, 4 insertions, 2 deletions

diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index 5e2b1851..a3f19297 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -109,6 +109,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
     char ebuf[BUFSIZ];
     CSN *opcsn = NULL;
 
+    /* sdn & parentsdn need to be initialized before "goto *_return" */
     slapi_sdn_init(&dn_newdn);
     slapi_sdn_init(&dn_parentdn);
     
@@ -121,6 +122,9 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
     slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation );
     is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP);
 
+    /* dblayer_txn_init needs to be called before "goto error_return" */
+    dblayer_txn_init(li,&txn);
+
     if (pb->pb_conn)
     {
         slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_modrdn", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid);
@@ -159,8 +163,6 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
         return( -1 );
     } 
 
-    dblayer_txn_init(li,&txn);
-
     /* The dblock serializes writes to the database,
      * which reduces deadlocking in the db code,
      * which means that we run faster.