From de03e7456108de3f3d28c6a5d33926525b70557f Mon Sep 17 00:00:00 2001
From: Mark Reynolds
Date: Thu, 30 Aug 2018 14:28:10 -0400
Subject: [PATCH] Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly

Bug Description: We clone a pblock in a psearch search, and under certain error conditions this pblock is freed, but it frees the password policy struct which can lead to a double free when the original pblock is destroyed.
Fix Description: During the cloning, set the pwppolicy struct to NULL so the clone allocates its own policy if needed
https://pagure.io/389-ds-base/issue/49932
Reviewed by: ?
(cherry picked from commit 78fc627accacfa4061ce48977e22301f81ea8d73)
---
 ldap/servers/slapd/pblock.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 4514c3ce6..bc18a7b18 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -322,6 +322,8 @@ slapi_pblock_clone(Slapi_PBlock *pb)
 if (pb->pb_intop != NULL) {
 _pblock_assert_pb_intop(new_pb);
 *(new_pb->pb_intop) = *(pb->pb_intop);
+ /* set pwdpolicy to NULL so this clone allocates its own policy */
+ new_pb->pb_intop->pwdpolicy = NULL;
 }
 if (pb->pb_intplugin != NULL) {
 _pblock_assert_pb_intplugin(new_pb);
-- 
2.17.1
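Review bot: The struct assignment `*(new_pb->pb_intop) = *(pb->pb_intop);` still copies every other pointer member of the intop struct by value, and only `pwdpolicy` is reset afterwards, so any other member that pblock teardown frees would presumably be exposed to the same double free (CWE-415) once both the clone and the original are destroyed. Which members are owned is not visible in this hunk, so the struct is worth auditing: either reset each owned pointer here, or make the comment state the ownership rule, e.g. `/* pwdpolicy is owned and freed on pblock destroy; clear it so the clone and the original never free the same struct */`. The trailing context suggests the same copy pattern follows for `pb_intplugin`, which deserves the same check. slapi_pblock_clone starts and ends outside the hunk.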