Blob Blame Raw
From fbbbcda083034031e564e8772affe815f2058047 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 17 Oct 2019 09:42:02 -0400
Subject: [PATCH] Issue 50636 - Crash during sasl bind

Bug Description:
	Sasl bind registers IO layers (sasl_IoMethods) that will be
	pushed (and called) by the next incoming operation.
	So the next incoming operation should synchronize itself
	with the sasl bind.

Fix Description:
	The call to connection_call_io_layer_callbacks, that pushes
	registered methods, must hold c_mutex so that it let
	a pending sasl bind to fully register the methods.

https://pagure.io/389-ds-base/issue/50636

Reviewed by: Ludwig Krispenz, Mark Reynolds
---
 ldap/servers/slapd/connection.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index 845a67091..9abd546f9 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -1585,12 +1585,14 @@ connection_threadmain()
                      */
                     pb_conn->c_anonlimits_set = 1;
                 }
-                PR_ExitMonitor(pb_conn->c_mutex);
-
+                /* must hold c_mutex so that it synchronizes the IO layer push
+                 * with a potential pending sasl bind that is registering the IO layer
+                 */
                 if (connection_call_io_layer_callbacks(pb_conn)) {
                     slapi_log_err(SLAPI_LOG_ERR, "connection_threadmain",
                                   "Could not add/remove IO layers from connection\n");
                 }
+		PR_ExitMonitor(pb_conn->c_mutex);
                 break;
             default:
                 break;
-- 
2.21.0