andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
Source Code
GIT

Blame 0415-Ticket-48665-Prevent-sefault-in-ldbm_instance_modify.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   c6
  2.   0415-Ticket-48665-Prevent-sefault-in-ldbm_instance_modify.patch
Blob History Raw
dc8c34 
From c7f51115cdb11bf0a0c0e2398a080dd38701e199 Mon Sep 17 00:00:00 2001
dc8c34 
From: William Brown <firstyear@redhat.com>
dc8c34 
Date: Wed, 9 Mar 2016 14:00:42 +1000
dc8c34 
Subject: [PATCH 415/425] Ticket 48665 - Prevent sefault in
dc8c34 
 ldbm_instance_modify_config_entry
dc8c34
dc8c34 
Bug Description:  python ldap sends a mod_delete then a mod_add to the server.
dc8c34 
This causes a segfault in ldbm_instance_modify_config_entry which expects the
dc8c34 
value of the delete operation to exist.
dc8c34
dc8c34 
Fix Description:  If there is no attribute in the delete operation, this now
dc8c34 
passes a NULL to ldbm_config_set, which then rejects the op as NO_SUCH_ATTRIBUTE
dc8c34
dc8c34 
There is an attached test case, which also checks that mod_replace is still
dc8c34 
functional.
dc8c34
dc8c34 
https://fedorahosted.org/389/ticket/48665
dc8c34
dc8c34 
Author: wibrown
dc8c34
dc8c34 
Review by: nhosoi (Thanks!)
dc8c34
dc8c34 
(cherry picked from commit 9134b006948d7d8eeb926655640b7f068fc6724d)
dc8c34 
(cherry picked from commit fa54d0ce631d29343d04b8dcea8ef8d9c235feb3)
dc8c34 
---
dc8c34 
 dirsrvtests/tests/tickets/ticket48665_test.py      | 101 +++++++++++++++++++++
dc8c34 
 .../servers/slapd/back-ldbm/ldbm_instance_config.c |  16 +++-
dc8c34 
 2 files changed, 114 insertions(+), 3 deletions(-)
dc8c34 
 create mode 100644 dirsrvtests/tests/tickets/ticket48665_test.py
dc8c34
dc8c34 
diff --git a/dirsrvtests/tests/tickets/ticket48665_test.py b/dirsrvtests/tests/tickets/ticket48665_test.py
dc8c34 
new file mode 100644
dc8c34 
index 0000000..702319c
dc8c34 
--- /dev/null
dc8c34 
+++ b/dirsrvtests/tests/tickets/ticket48665_test.py
dc8c34 
@@ -0,0 +1,101 @@
dc8c34 
+import os
dc8c34 
+import sys
dc8c34 
+import time
dc8c34 
+import ldap
dc8c34 
+import logging
dc8c34 
+import pytest
dc8c34 
+from lib389 import DirSrv, Entry, tools, tasks
dc8c34 
+from lib389.tools import DirSrvTools
dc8c34 
+from lib389._constants import *
dc8c34 
+from lib389.properties import *
dc8c34 
+from lib389.tasks import *
dc8c34 
+from lib389.utils import *
dc8c34 
+
dc8c34 
+logging.getLogger(__name__).setLevel(logging.DEBUG)
dc8c34 
+log = logging.getLogger(__name__)
dc8c34 
+
dc8c34 
+class TopologyStandalone(object):
dc8c34 
+    def __init__(self, standalone):
dc8c34 
+        standalone.open()
dc8c34 
+        self.standalone = standalone
dc8c34 
+
dc8c34 
+
dc8c34 
+@pytest.fixture(scope="module")
dc8c34 
+def topology(request):
dc8c34 
+    # Creating standalone instance ...
dc8c34 
+    standalone = DirSrv(verbose=False)
dc8c34 
+    args_instance[SER_HOST] = HOST_STANDALONE
dc8c34 
+    args_instance[SER_PORT] = PORT_STANDALONE
dc8c34 
+    args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
dc8c34 
+    args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
dc8c34 
+    args_standalone = args_instance.copy()
dc8c34 
+    standalone.allocate(args_standalone)
dc8c34 
+    instance_standalone = standalone.exists()
dc8c34 
+    if instance_standalone:
dc8c34 
+        standalone.delete()
dc8c34 
+    standalone.create()
dc8c34 
+    standalone.open()
dc8c34 
+
dc8c34 
+    # Delete each instance in the end
dc8c34 
+    def fin():
dc8c34 
+        # This is useful for analysing the test env.
dc8c34 
+        #standalone.db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX], excludeSuffixes=[], encrypt=False, \
dc8c34 
+        #    repl_data=True, outputfile='%s/ldif/%s.ldif' % (standalone.dbdir,SERVERID_STANDALONE ))
dc8c34 
+        #standalone.clearBackupFS()
dc8c34 
+        #standalone.backupFS()
dc8c34 
+        standalone.delete()
dc8c34 
+    request.addfinalizer(fin)
dc8c34 
+
dc8c34 
+    # Clear out the tmp dir
dc8c34 
+    standalone.clearTmpDir(__file__)
dc8c34 
+
dc8c34 
+    return TopologyStandalone(standalone)
dc8c34 
+
dc8c34 
+
dc8c34 
+def test_ticket48665(topology):
dc8c34 
+    """
dc8c34 
+    This tests deletion of certain cn=config values.
dc8c34 
+
dc8c34 
+    First, it should be able to delete, and not crash the server.
dc8c34 
+
dc8c34 
+    Second, we might be able to delete then add to replace values.
dc8c34 
+
dc8c34 
+    We should also still be able to mod replace the values and keep the server alive.
dc8c34 
+    """
dc8c34 
+    #topology.standalone.config.enable_log('audit')
dc8c34 
+    #topology.standalone.config.enable_log('auditfail')
dc8c34 
+    # This will trigger a mod delete then add.
dc8c34 
+    try:
dc8c34 
+        modlist = [(ldap.MOD_DELETE, 'nsslapd-cachememsize', None), (ldap.MOD_ADD, 'nsslapd-cachememsize', '1')]
dc8c34 
+        topology.standalone.modify_s("cn=%s,cn=ldbm database,cn=plugins,cn=config" % DEFAULT_BENAME,
dc8c34 
+            modlist)
dc8c34 
+    except:
dc8c34 
+        pass
dc8c34 
+    # Check the server has not commited seppuku.
dc8c34 
+    result = topology.standalone.whoami_s()
dc8c34 
+    assert(DN_DM.lower() in result.lower())
dc8c34 
+
dc8c34 
+    # This has a magic hack to determine if we are in cn=config.
dc8c34 
+    topology.standalone.backend.setProperties(bename=DEFAULT_BENAME,
dc8c34 
+        prop='nsslapd-cachememsize', values='1')
dc8c34 
+    # Check the server has not commited seppuku.
dc8c34 
+    result = topology.standalone.whoami_s()
dc8c34 
+    assert(DN_DM.lower() in result.lower())
dc8c34 
+
dc8c34 
+    # Now try with mod_replace. This should be okay.
dc8c34 
+
dc8c34 
+    modlist = [(ldap.MOD_REPLACE, 'nsslapd-cachememsize', '1')]
dc8c34 
+    topology.standalone.modify_s("cn=%s,cn=ldbm database,cn=plugins,cn=config" % DEFAULT_BENAME,
dc8c34 
+        modlist)
dc8c34 
+    # Check the server has not commited seppuku.
dc8c34 
+    result = topology.standalone.whoami_s()
dc8c34 
+    assert(DN_DM.lower() in result.lower())
dc8c34 
+
dc8c34 
+    log.info('Test complete')
dc8c34 
+
dc8c34 
+
dc8c34 
+if __name__ == '__main__':
dc8c34 
+    # Run isolated
dc8c34 
+    # -s for DEBUG mode
dc8c34 
+    CURRENT_FILE = os.path.realpath(__file__)
dc8c34 
+    pytest.main("-s %s" % CURRENT_FILE)
dc8c34 
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
dc8c34 
index 2037618..c269ab3 100644
dc8c34 
--- a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
dc8c34 
+++ b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
dc8c34 
@@ -789,9 +789,19 @@ ldbm_instance_modify_config_entry_callback(Slapi_PBlock *pb, Slapi_Entry* entryB
dc8c34 
             }
dc8c34
dc8c34 
         /* This assumes there is only one bval for this mod. */
dc8c34 
-            rc = ldbm_config_set((void *) inst, attr_name,
dc8c34 
-                ldbm_instance_config, mods[i]->mod_bvalues[0], returntext,
dc8c34 
-                CONFIG_PHASE_RUNNING, apply_mod, mods[i]->mod_op);
dc8c34 
+            if (mods[i]->mod_bvalues == NULL) {
dc8c34 
+                /* This avoids the null pointer deref.
dc8c34 
+                 * In ldbm_config.c ldbm_config_set, it checks for the NULL.
dc8c34 
+                 * If it's a NULL, we get NO_SUCH_ATTRIBUTE error.
dc8c34 
+                 */
dc8c34 
+                rc = ldbm_config_set((void *) inst, attr_name,
dc8c34 
+                    ldbm_instance_config, NULL, returntext,
dc8c34 
+                    CONFIG_PHASE_RUNNING, apply_mod, mods[i]->mod_op);
dc8c34 
+            } else {
dc8c34 
+                rc = ldbm_config_set((void *) inst, attr_name,
dc8c34 
+                    ldbm_instance_config, mods[i]->mod_bvalues[0], returntext,
dc8c34 
+                    CONFIG_PHASE_RUNNING, apply_mod, mods[i]->mod_op);
dc8c34 
+            }
dc8c34 
         }
dc8c34 
     }
dc8c34
dc8c34 
--
dc8c34 
2.9.3
dc8c34

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation