Ticket #48298 - ns-slapd crash during ipa-replica-manage del

Authored and Committed by nhosoi 3 years ago
    Ticket #48298 - ns-slapd crash during ipa-replica-manage del
    Bug Description: The cause of the problem is rather not a race condition but
    accessing an already freed agreement in a plug-in:
    > The crashed thread is deleting an agreement object, which calls mep_pre_op.
    > It eventually calls op_shared_search with the deleted agreement object with
    > base scope and filter "(|(objectclass=*)(objectclass=ldapsubentry))"
    > Since it is a DSE entry it goes to dse_search, in which it calls agmt_get_
    > replarea and crashes in slapi_sdn_copy by NULL dereference in from SDN...
    Fix Description: This patch adds the check to agmt_get_replarea, in which if
    the agreement is not in the agreement list, it returnes NULL repl area.  When
    the NULL repl area is returned the callers back off with an error.
    Reviewed by rmeggins@redhat.com (Thanks, Rich!)
