From f3cc6db2fc9d04743cbeb147acc41ecdffbdfbf0 Mon Sep 17 00:00:00 2001

From: Noriko Hosoi <nhosoi@redhat.com>

Date: Wed, 3 Jun 2015 12:12:54 -0700

Subject: [PATCH 330/333] Ticket #48149 - ns-slapd double free or corruption

 crash

Description: coverity defect: 2. Defect type: FORWARD_NULL

If mempstat is issued while an online import is running, it'd crash

the server.

https://fedorahosted.org/389/ticket/48149

Reviewed by rmeggins@redhat.com (Thank you, Rich!!)

(cherry picked from commit 608fcdfcd792e351edfc12cf89c2c9c6fc2a56d0)

---

 ldap/servers/slapd/back-ldbm/dblayer.c | 10 ++++++----

 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c

index 031523c..228fdea 100644

--- a/ldap/servers/slapd/back-ldbm/dblayer.c

+++ b/ldap/servers/slapd/back-ldbm/dblayer.c

@@ -4769,22 +4769,24 @@ int dblayer_memp_stat_instance(ldbm_instance *inst, DB_MPOOL_STAT **gsp,

 {

     DB_ENV *env = NULL;

     dblayer_private *priv = NULL;

+    struct dblayer_private_env *dblayerenv;

     int rc;

     PR_ASSERT(NULL != inst);

     if (inst->import_env->dblayer_DB_ENV) {

-        env = inst->import_env->dblayer_DB_ENV;

+        dblayerenv = inst->import_env;

     } else {

         priv = (dblayer_private *)inst->inst_li->li_dblayer_private;

         PR_ASSERT(NULL != priv);

-        env = priv->dblayer_env->dblayer_DB_ENV;

+        dblayerenv = priv->dblayer_env;

     }

+    env = dblayerenv->dblayer_DB_ENV;

     PR_ASSERT(NULL != env);

-    slapi_rwlock_wrlock(priv->dblayer_env->dblayer_env_lock);

+    slapi_rwlock_wrlock(dblayerenv->dblayer_env_lock);

     rc = MEMP_STAT(env, gsp, fsp, 0, (void *)slapi_ch_malloc);

-    slapi_rwlock_unlock(priv->dblayer_env->dblayer_env_lock);

+    slapi_rwlock_unlock(dblayerenv->dblayer_env_lock);

     return rc;

 }

-- 

1.9.3