5b2efd3 Ticket #48298 - ns-slapd crash during ipa-replica-manage del

Authored and Committed by nhosoi 3 years ago
    Ticket #48298 - ns-slapd crash during ipa-replica-manage del
    
    Bug Description: The cause of the problem is rather not a race condition but
    accessing an already freed agreement in a plug-in:
    > The crashed thread is deleting an agreement object, which calls mep_pre_op.
    > It eventually calls op_shared_search with the deleted agreement object with
    > base scope and filter "(|(objectclass=*)(objectclass=ldapsubentry))"
    > Since it is a DSE entry it goes to dse_search, in which it calls
    > agmt_get_replarea and crashes in slapi_sdn_copy by NULL dereference in from SDN...
    
    Fix Description: This patch adds the check to agmt_get_replarea, in which if
    the agreement is not in the agreement list, it returns a NULL repl area.  When
    the NULL repl area is returned, the callers back off with an error.
    
    https://fedorahosted.org/389/ticket/48298
    
    Reviewed by rmeggins@redhat.com (Thanks, Rich!)
    
    (cherry picked from commit 3cbdfa613ed8668337213fe9c3c15cf54ce798aa)
    (cherry picked from commit f09eb8c0f8ee315b2a20d6460c975a546207411e)
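
The check described in the fix, sketched as an added example (this is not the 389-ds code or the patch itself): the getter confirms the agreement pointer is still in the list before touching it and returns NULL otherwise, and the caller backs off on NULL. The `agmt` struct, the list, the lock and all `demo_*` names are hypothetical stand-ins.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not the 389-ds types. */
typedef struct agmt { char replarea[128]; struct agmt *next; } agmt;

static agmt *agmt_list = NULL;
static pthread_mutex_t agmt_lock = PTHREAD_MUTEX_INITIALIZER;

agmt *demo_agmt_add(const char *area) {
    agmt *a = calloc(1, sizeof(*a));
    if (!a) return NULL;
    strncpy(a->replarea, area, sizeof(a->replarea) - 1); /* calloc keeps the NUL */
    pthread_mutex_lock(&agmt_lock);
    a->next = agmt_list;
    agmt_list = a;
    pthread_mutex_unlock(&agmt_lock);
    return a;
}

/* Unlink under the lock, then free, so no lookup can find a freed node. */
void demo_agmt_delete(agmt *a) {
    pthread_mutex_lock(&agmt_lock);
    for (agmt **pp = &agmt_list; *pp; pp = &(*pp)->next) {
        if (*pp == a) { *pp = a->next; free(a); break; }
    }
    pthread_mutex_unlock(&agmt_lock);
}

/* Returns a malloc'd copy of the replica area, or NULL if 'a' is not (or no
 * longer) in the list. 'a' is only compared, never dereferenced, and the
 * copy is made under the same lock that proved membership. */
char *demo_agmt_get_replarea(const agmt *a) {
    char *copy = NULL;
    pthread_mutex_lock(&agmt_lock);
    for (const agmt *p = agmt_list; p; p = p->next) {
        if (p == a) {
            copy = malloc(strlen(p->replarea) + 1);
            if (copy) strcpy(copy, p->replarea);
            break;
        }
    }
    pthread_mutex_unlock(&agmt_lock);
    return copy;
}

/* Caller pattern: back off with an error when NULL comes back. */
int demo_search_base(const agmt *a) {
    char *area = demo_agmt_get_replarea(a);
    if (area == NULL) return -1; /* agreement gone: error, not a crash */
    free(area);
    return 0;
}
```

The membership test compares pointer values, so it assumes a freed address is not reused for a new agreement while a stale pointer is still held by another thread.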