5b2efd3 Ticket #48298 - ns-slapd crash during ipa-replica-manage del

Authored and Committed by nhosoi 3 years ago
    Ticket #48298 - ns-slapd crash during ipa-replica-manage del
    Bug Description: The cause of the problem is rather not a race condition but
    accessing an already freed agreement in a plug-in:
    > The crashed thread is deleting an agreement object, which calls mep_pre_op.
    > It eventually calls op_shared_search with the deleted agreement object with
    > base scope and filter "(|(objectclass=*)(objectclass=ldapsubentry))"
    > Since it is a DSE entry it goes to dse_search, in which it calls agmt_get_
    > replarea and crashes in slapi_sdn_copy by NULL dereference in from SDN...
    Fix Description: This patch adds the check to agmt_get_replarea, in which if
    the agreement is not in the agreement list, it returnes NULL repl area.  When
    the NULL repl area is returned the callers back off with an error.
    Reviewed by rmeggins@redhat.com (Thanks, Rich!)
    (cherry picked from commit 3cbdfa613ed8668337213fe9c3c15cf54ce798aa)
    (cherry picked from commit f09eb8c0f8ee315b2a20d6460c975a546207411e)