|
 |
6e8815 |
From 1bb5fd7fac9c5b93d3dfb8b8a2a648e238a158bc Mon Sep 17 00:00:00 2001
|
|
|
6e8815 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
6e8815 |
Date: Thu, 30 Aug 2018 14:28:10 -0400
|
|
|
6e8815 |
Subject: [PATCH] Ticket 49932 - Crash in delete_passwdPolicy when persistent
|
|
|
6e8815 |
search connections are terminated unexpectedly
|
|
|
6e8815 |
|
|
|
6e8815 |
Bug Description: We clone a pblock in a psearch search, and under certain
|
|
|
6e8815 |
error conditions this pblock is freed, but it frees the
|
|
|
6e8815 |
password policy struct which can lead to a double free
|
|
|
6e8815 |
when the original pblock is destroyed.
|
|
|
6e8815 |
|
|
|
6e8815 |
Fix Description: During the cloning, set the pwppolicy struct to NULL
|
|
|
6e8815 |
so the clone allocates its own policy if needed
|
|
|
6e8815 |
|
|
|
6e8815 |
https://pagure.io/389-ds-base/issue/49932
|
|
|
6e8815 |
|
|
|
6e8815 |
Reviewed by: ?
|
|
|
6e8815 |
|
|
|
6e8815 |
(cherry picked from commit 78fc627accacfa4061ce48977e22301f81ea8d73)
|
|
|
6e8815 |
---
|
|
|
6e8815 |
ldap/servers/slapd/pblock.c | 2 ++
|
|
|
6e8815 |
1 file changed, 2 insertions(+)
|
|
|
6e8815 |
|
|
|
6e8815 |
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
|
|
|
6e8815 |
index 4514c3ce6..bc18a7b18 100644
|
|
|
6e8815 |
--- a/ldap/servers/slapd/pblock.c
|
|
|
6e8815 |
+++ b/ldap/servers/slapd/pblock.c
|
|
|
6e8815 |
@@ -322,6 +322,8 @@ slapi_pblock_clone(Slapi_PBlock *pb)
|
|
|
6e8815 |
if (pb->pb_intop != NULL) {
|
|
|
6e8815 |
_pblock_assert_pb_intop(new_pb);
|
|
|
6e8815 |
*(new_pb->pb_intop) = *(pb->pb_intop);
|
|
|
6e8815 |
+ /* set pwdpolicy to NULL so this clone allocates its own policy */
|
|
|
6e8815 |
+ new_pb->pb_intop->pwdpolicy = NULL;
|
|
|
6e8815 |
}
|
|
|
6e8815 |
if (pb->pb_intplugin != NULL) {
|
|
|
6e8815 |
_pblock_assert_pb_intplugin(new_pb);
|
|
|
6e8815 |
--
|
|
|
6e8815 |
2.17.1
|
|
|
6e8815 |
|