Memory corruption in connection-handling code #162

Closed
erthink opened this issue Apr 2, 2018 · 0 comments
erthink commented Apr 2, 2018

This bug was inherited from OpenLDAP, related to #143.

Due to a race condition in the connection-handling code, statistical counters could be updated even when the connection was closed and the corresponding memory region allocated for the counters was freed.

```
(gdb) bt
#0  0x00007fa1f30bb428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007fa1f30bd02a in __GI_abort () at abort.c:89
#2  0x00007fa1f30b3bd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x5da49d "ldap: rc == 0", file=file@entry=0x5da492 "posix.c", line=line@entry=370, 
    function=function@entry=0x5daab0 <__FUNCTION__.4382> "ldap_pvt_thread_mutex_lock") at assert.c:92
#3  0x00007fa1f30b3c82 in __GI___assert_fail (assertion=0x5da49d "ldap: rc == 0", file=0x5da492 "posix.c", line=370, function=0x5daab0 <__FUNCTION__.4382> "ldap_pvt_thread_mutex_lock") at assert.c:101
#4  0x000000000050df3c in __ldap_assert_fail (assertion=0x5da49d "ldap: rc == 0", file=0x5da492 "posix.c", line=370, function=0x5daab0 <__FUNCTION__.4382> "ldap_pvt_thread_mutex_lock") at globals.c:194
#5  0x00000000004b3959 in ldap_pvt_thread_mutex_lock (mutex=0x7fa1e0002a08) at posix.c:370
#6  0x00000000004f7378 in slap_send_search_entry (op=0x7fa1e67fc350, rs=0x7fa1e67fc130) at result.c:1456
#7  0x00000000004f07c6 in syncprov_sendresp (mode=2, so=0x7fa1e0103890, ri=0x7fa1e010f5c0, op=0x7fa1e67fc350) at syncprov.c:1139
#8  syncprov_playback_locked (so=0x7fa1e0103890, op=0x7fa1e67fc350) at syncprov.c:1174
#9  syncprov_playback_dequeue (ctx=<optimized out>, arg=0x7fa1e0103890) at syncprov.c:1231
#10 0x000000000043b951 in ldap_int_thread_pool_wrapper (xpool=0x1c40180) at tpool.c:982
#11 0x00007fa1f34576ba in start_thread (arg=0x7fa1e67fd700) at pthread_create.c:333
#12 0x00007fa1f318d41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
```

https://github.com/leo-yuriev/ReOpenLDAP/blob/2db6de579a52f283a9c0427901ca7c74e8d89822/servers/slapd/result.c#L1457-L1459

@erthink erthink self-assigned this Apr 2, 2018
@erthink erthink closed this as completed Apr 2, 2018
erthink added a commit that referenced this issue Apr 3, 2018
This resolves #162

Change-Id: I68c246041a537b37bf3f45b27015919cf0885d18
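
Added example, not part of the original issue and not ReOpenLDAP's code: one general way to keep a per-connection counter block, and the mutex that guards it, alive while a queued sender can still touch them, using a reference count plus a closed flag. All type and function names are hypothetical, and this is not claimed to be the fix made in the referenced commit.

```c
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical per-connection statistics block. The mutex shares the
 * allocation with the counters, so freeing the block invalidates the lock. */
typedef struct conn_stats {
    pthread_mutex_t mu;
    atomic_int refs;            /* connection + every in-flight sender */
    int closed;                 /* set under mu at connection teardown */
    unsigned long entries_sent;
} conn_stats;

conn_stats *stats_new(void) {
    conn_stats *s = calloc(1, sizeof *s);
    if (s && pthread_mutex_init(&s->mu, NULL) != 0) { free(s); s = NULL; }
    if (s) atomic_init(&s->refs, 1);   /* reference owned by the connection */
    return s;
}

/* Pin the block; call only while already holding a valid reference. */
conn_stats *stats_get(conn_stats *s) { atomic_fetch_add(&s->refs, 1); return s; }

/* Drop one reference; returns 1 if this call destroyed the block. */
int stats_put(conn_stats *s) {
    if (atomic_fetch_sub(&s->refs, 1) != 1) return 0;
    pthread_mutex_destroy(&s->mu);
    free(s);
    return 1;
}

/* Teardown: mark closed under the lock, then drop the connection's ref. */
int conn_close(conn_stats *s) {
    pthread_mutex_lock(&s->mu);
    s->closed = 1;
    pthread_mutex_unlock(&s->mu);
    return stats_put(s);
}

/* Count one sent entry. Returns 0, ECONNRESET if already closed, or the
 * lock error code, so the caller can back off instead of aborting. */
int stats_count_entry(conn_stats *s) {
    int rc = pthread_mutex_lock(&s->mu);
    if (rc != 0) return rc;
    if (s->closed) rc = ECONNRESET; else s->entries_sent++;
    pthread_mutex_unlock(&s->mu);
    return rc;
}
```

A sender that pinned the block before teardown can still lock the mutex safely after `conn_close`, and the memory is released only by whichever holder drops the last reference.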