Symptom: In a replicated topology, an authenticated user that has write access on an entry can send a series of operations that crash the server. The crash is due to an access to an already freed buffer. Impact: If the user can reproduce the series of operations, the crash is systematic.
git patch file (master) 0001-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
git patch file (master) -- CI test 0002-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1243970
Reviewed by Rich (Thank you!!)
Pushed to master: 193d79d..f5d2445 master -> master commit a0f8e0f commit f5d2445
Pushed to 389-ds-base-1.3.4: 9109a57..8600a5e 389-ds-base-1.3.4 -> 389-ds-base-1.3.4 commit bdbc81e commit 8600a5e
Pushed to 389-ds-base-1.3.3: 0704386..dfcfa55 389-ds-base-1.3.3 -> 389-ds-base-1.3.3 commit de1b027 commit dfcfa55
A leak was found in the patch 0001-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
{{{
==3150== 32 bytes in 1 blocks are definitely lost in loss record 442 of 1,280
==3150==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3150==    by 0x4C61F92: slapi_ch_malloc (ch_malloc.c:113)
==3150==    by 0x4C653B1: csnset_add_csn (csnset.c:30)
==3150==    by 0x4C6585E: csnset_dup (csnset.c:352)
                          ^^^^^^^^^^
==3150==    by 0x4CE4B35: valueset_update_csn_for_valuearray_ext (valueset.c:1420)
==3150==    by 0x4C78A04: entry_delete_present_values_wsi.isra.5 (entrywsi.c:811)
==3150==    by 0x4C7923E: entry_apply_mod_wsi (entrywsi.c:911)
==3150==    by 0x4C7933E: entry_apply_mods_wsi (entrywsi.c:986)
==3150==    by 0xA1A9A97: modify_apply_check_expand.isra.1 (ldbm_modify.c:247)
==3150==    by 0xA1AB260: ldbm_back_modify (ldbm_modify.c:626)
==3150==    by 0x4C9D4DC: op_shared_modify (modify.c:1054)
==3150==    by 0x4C9E846: do_modify (modify.c:387)
==3150==    by 0x418610: connection_threadmain (connection.c:619)
==3150==    by 0x3A84828C2A: _pt_root (ptthread.c:212)
==3150==    by 0x3A79407EE4: start_thread (in /usr/lib64/libpthread-2.18.so)
==3150==    by 0x3A790F4D1C: clone (in /usr/lib64/libc-2.18.so)
}}}
git patch file (master) -- additional fix for the memory leak (regression by the previous patch) 0001-Ticket-48226-In-MMR-double-free-coould-occur-under-s.2.patch
Reviewed by Mark (Thank you!!)
Pushed to master: c2e350e..b26ec67 master -> master commit b26ec67
Pushed to 389-ds-base-1.3.4: 5165d58..4a3efc3 389-ds-base-1.3.4 -> 389-ds-base-1.3.4 commit 4a3efc3
Pushed to 389-ds-base-1.3.3: c7ac0ad..2fecc39 389-ds-base-1.3.3 -> 389-ds-base-1.3.3 commit 2fecc39
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.3.3.13
0001-Issue-48226-Fix-CI-test.patch
Please review patch
Metadata Update from @mreynolds: - Custom field component reset - Custom field reviewstatus adjusted to review (was: ack) - Issue close_status updated to: None (was: Fixed)
ack
Metadata Update from @firstyear: - Custom field reviewstatus adjusted to ack (was: review)
cb7b499..ccfc3c3 master -> master
commit ccfc3c3
Author: Mark Reynolds <mreynolds@redhat.com>
Date: Mon Feb 20 21:48:57 2017 -0500
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1557
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix