From d50f99476386b6c464884d2d16a688ecafc7fafc Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Jun 05 2014 21:40:08 +0000 Subject: Ticket #47808 - If be_txn plugin fails in ldbm_back_add, adding entry is double freed. Bug description: Backend add ldbm_back_add frees the entry to be added, if the add fails in the be_txn plugins. But the frontend releases the entry when an error is returned from the backend. Fix desxription: When the entry is freed in the backend, set NULL to the pblock SLAPI_ADD_ENTRY to tell the frontend not to free the entry. https://fedorahosted.org/389/ticket/47808 Reviewed by mreynolds@redhat.com (Thank you, Mark!!) --- diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c index fadc56b..875ad22 100644 --- a/ldap/servers/slapd/add.c +++ b/ldap/servers/slapd/add.c @@ -767,10 +767,8 @@ static void op_shared_add (Slapi_PBlock *pb) } else { - /* restore e so we can free it below */ - if (save_e) { - e = save_e; - } + /* PR_ASSERT(!save_e); save_e is supposed to be freed in the backend. */ + e = save_e; if (rc == SLAPI_FAIL_DISKFULL) { operation_out_of_disk_space(); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c index 582e06a..5be1cd8 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_add.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c @@ -853,7 +853,7 @@ ldbm_back_add( Slapi_PBlock *pb ) slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, ldap_result_code ? &ldap_result_code : &retval); } slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); - LDAPDebug1Arg(LDAP_DEBUG_ANY, "SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN plugin failed: %d", + LDAPDebug1Arg(LDAP_DEBUG_ANY, "SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN plugin failed: %d\n", ldap_result_code ? ldap_result_code : retval); goto error_return; } @@ -1162,6 +1162,8 @@ error_return: { if (inst) { CACHE_REMOVE(&inst->inst_cache, addingentry); + /* tell frontend not to free this entry */ + slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL); } } else