From 01426a0ecc6fd62ed74e0f606a56a80da9fc2a6b Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Thu, 19 Feb 2009 21:28:01 +0000 Subject: Resolves: bug 486191 Bug Description: slapd hang during cs80 cloning setup. Reviewed by: nhosoi (Thanks!) Fix Description: If replication code attempts to add the RUV entry during replica configuration, and the add operation returns an error, the code will attempt to free the entry. This causes a double free. Internal add operations always consume and free the entry, success or failure. The solution is to set the entry to NULL just after adding it so the clean up code will not be able to free it again. Platforms tested: RHEL5 Flag Day: no Doc impact: no --- ldap/servers/plugins/replication/repl5_replica.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'ldap/servers') diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c index 0a54c62c..30b7ee9c 100644 --- a/ldap/servers/plugins/replication/repl5_replica.c +++ b/ldap/servers/plugins/replication/repl5_replica.c @@ -2654,7 +2654,7 @@ replica_create_ruv_tombstone(Replica *r) { int return_value = LDAP_LOCAL_ERROR; char *root_entry_str; - Slapi_Entry *e; + Slapi_Entry *e = NULL; const char *purl = NULL; RUV *ruv; struct berval **bvals = NULL; @@ -2744,15 +2744,13 @@ replica_create_ruv_tombstone(Replica *r) OP_FLAG_TOMBSTONE_ENTRY | OP_FLAG_REPLICATED | OP_FLAG_REPL_FIXUP | OP_FLAG_REPL_RUV); slapi_add_internal_pb(pb); + e = NULL; /* add consumes e, upon success or failure */ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &return_value); if (return_value == LDAP_SUCCESS) r->repl_ruv_dirty = PR_FALSE; done: - if (return_value != LDAP_SUCCESS) - { - slapi_entry_free (e); - } + slapi_entry_free (e); if (bvals) ber_bvecfree(bvals); -- cgit