From d1d6245d6ab894cf56e2529cb5c5dc941f4843cd Mon Sep 17 00:00:00 2001 From: Ludwig Krispenz Date: Jun 24 2013 08:19:53 +0000 Subject: Ticket 47396 - crash on modrdn of tombstone Bug Description: a client modrdn operation on a tombstone entry can crash the server Fix Description: client modrdns and modifies on tombstone entries should not be accepted. Tombstones aer internally kept for eventual conflict resolution, normal clients should not touch them. an exception would be to force purging of tombstones or a kind of "undo" for a delete, which could resurrect a tombstone, but this is not in the scope of this ticket https://fedorahosted.org/389/ticket/47396 Reviewed by: Rich, thanks
---
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index 5c9585f..ca66b71 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -407,6 +407,13 @@ ldbm_back_modify( Slapi_PBlock *pb )
 if ( !is_fixup_operation ) {
+ if (slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE) ) {
+ ldap_result_code = LDAP_UNWILLING_TO_PERFORM;
+ ldap_result_message = "Operation not allowed on tombstone entry.";
+ slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_modify",
+ "Attempt to modify a tombstone entry %s\n", slapi_sdn_get_dn(slapi_entry_get_sdn_const( e->ep_entry )));
+ goto error_return;
+ }
 opcsn = operation_get_csn (operation);
 if (NULL == opcsn && operation->o_csngen_handler) {
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index 69fc053..13514fb 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
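Review bot: In ldbm_back_modify (ldbm_modify.c) the new guard logs each refused request at `SLAPI_LOG_FATAL`, yet by the commit description the trigger is an ordinary client request against a tombstone, so any client able to reach this branch can grow the error log at will; the guard added to ldbm_back_modrdn logs the same way. The refusal is already reported to the client through `LDAP_UNWILLING_TO_PERFORM`, so the message would fit a non-default level such as `SLAPI_LOG_BACKLDBM` rather than the always-on one. The hunk also does not show whether the access check for the modify has run by this point; if it runs later, the distinct result code tells a client without write access that the target is a tombstone. A comment such as `/* refuse client modifies of tombstones; keep this after the access check */` would record the required ordering. The body of ldbm_back_modify starts and ends outside the hunk.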
@@ -352,6 +352,13 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
 goto error_return; /* error result sent by find_entry2modify() */
 }
 e_in_cache = 1; /* e is in the cache and locked */
+ if (slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE) ) {
+ ldap_result_code = LDAP_UNWILLING_TO_PERFORM;
+ ldap_result_message = "Operation not allowed on tombstone entry.";
+ slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_modrdn",
+ "Attempt to rename a tombstone entry %s\n", slapi_sdn_get_dn(slapi_entry_get_sdn_const( e->ep_entry )));
+ goto error_return;
+ }
 /* Check that an entry with the same DN doesn't already exist. */
 {
 Slapi_Entry *entry;
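Review bot: The tombstone check added to ldbm_back_modrdn applies to every operation, whereas the matching check in ldbm_back_modify sits inside `if ( !is_fixup_operation )`; the commit description only intends to stop normal clients and says tombstones are kept for conflict resolution. If replication or other internal operations rename tombstones through this function, which the hunk does not show, they would now receive `LDAP_UNWILLING_TO_PERFORM` as well. In that case the condition should be limited to client-originated requests, using whatever operation-type flags this function already holds. A comment such as `/* client renames only; internal conflict-resolution operations are exempt */` should state the exemption. The enclosing block of ldbm_back_modrdn starts and ends outside the hunk.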