389-ds-base

Clone
Source Code
GIT

#49291 slapi_search_internal_callback_pb may SIGSEV if related pblock has not operation set
Closed: wontfix 6 years ago Opened 6 years ago by tbordaz.

Closed: wontfix
Reopen Issue

Issue Description

If slapi_search_internal_set_pb is called with a NULL 'base', the pblock does not contain operation/plugin_identity....

If the caller of slapi_search_internal_set_pb does not detect that before calling slapi_search_internal_callback_pb, then the thread is not 'allowed _operation' and call send_ldap_result_ext with pblock->pb_op being NULL => SIGSEV

Package Version and Platform

All version

Steps to reproduce

  1. Not easy, it would require a plugin that for some reason call slapi_search_internal_set_pb with an empty 'base'

Actual results

DS crash with a backtrack similar to the BZ

Expected results

send_ldap_result_ext should check pb_op before dereferencing it

Metadata Update from @tbordaz:
- Custom field origin adjusted to IPA
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1461437
- Custom field type adjusted to defect
6 years ago

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.3.6.0
6 years ago

Metadata Update from @tbordaz:
- Custom field reviewstatus adjusted to review
6 years ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to ack (was: review)
6 years ago 
Counting objects: 6, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 954 bytes | 0 bytes/s, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git@pagure.io/389-ds-base.git
   d42024e..ab81048  master -> master

Metadata Update from @tbordaz:
- Custom field reviewstatus adjusted to review (was: ack)
6 years ago

Metadata Update from @tbordaz:
- Issue assigned to tbordaz
6 years ago

Metadata Update from @tbordaz:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
6 years ago

Thierry can you also commit this to the 1.3.6 branch please?

oppss sorry Mark

git push origin 389-ds-base-1.3.6
Counting objects: 6, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 957 bytes | 0 bytes/s, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git@pagure.io/389-ds-base.git
6bd1b7d..1a57b1d 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2350

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
review
IPA
Attachments 1
0001-Ticket-49291-slapi_search_internal_callback_p...
Attached 6 years ago View Comment
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.