From bc41bbb89405b2059b80e344b2d4c59ae39aabe6 Mon Sep 17 00:00:00 2001 From: tbordaz Date: Thu, 10 Jun 2021 15:03:27 +0200 Subject: [PATCH 1/3] Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799) Bug description: The fix for ticket #3764 was broken with a missing break in a switch. The consequence is that while setting the client IP address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the connection is erroneously set as replication connection. This can lead to crash or failure of testcase test_access_from_certain_network_only_ip. This bug was quite hidden until the fix for #4764 is showing it more frequently Fix description: Add the missing break relates: https://github.com/389ds/389-ds-base/issues/4797 Reviewed by: Mark Reynolds Platforms tested: F33 --- ldap/servers/slapd/pblock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index fcac53839..a64986aeb 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -2595,7 +2595,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) pblock->pb_conn->c_authtype = slapi_ch_strdup((char *)value); pthread_mutex_unlock(&(pblock->pb_conn->c_mutex)); break; - case SLAPI_CONN_CLIENTNETADDR_ACLIP: + case SLAPI_CONN_CLIENTNETADDR_ACLIP: if (pblock->pb_conn == NULL) { break; } @@ -2603,6 +2603,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) slapi_ch_free((void **)&pblock->pb_conn->cin_addr_aclip); pblock->pb_conn->cin_addr_aclip = (PRNetAddr *)value; pthread_mutex_unlock(&(pblock->pb_conn->c_mutex)); + break; case SLAPI_CONN_IS_REPLICATION_SESSION: if (pblock->pb_conn == NULL) { slapi_log_err(SLAPI_LOG_ERR, -- 2.31.1