From bb3ac5910ad7bce93f1781d0328e752f16c6a552 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Jan 20 2020 14:36:16 +0000
Subject: Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free


Description:  When Disk Monitoring finds that disk space is too low it starts
              freeing up disk space by removing rotated logs.  However the log
              list struct was not properly reset after freeing all the files
              in the list.  This is what allowed the heap-use-after-free to
              occur.

relates: https://pagure.io/389-ds-base/issue/50829

Reviewed by: firstyear(Thanks!)

---

diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index 8c62a4b..3500108 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -3259,6 +3259,12 @@ log__delete_rotated_logs()
         logp = logp->l_next;
         slapi_ch_free((void **)&prev_log);
     }
+
+    /* reset the log struct */
+    loginfo.log_access_logchain = NULL;
+    loginfo.log_audit_logchain = NULL;
+    loginfo.log_auditfail_logchain = NULL;
+    loginfo.log_error_logchain = NULL;
 }
 
 #define ERRORSLOG 1