Full_Name: Hallvard B Furuseth
Version: HEAD
OS: Linux
URL:
Submission from: (NULL) (129.240.6.233)
Submitted by: hallvard
RFCs 3909 (Cancel) and 4511 (LDAP protocol) say some operations cannot
be cancelled/abandoned: Abandon, Bind, Unbind, StartTLS, Cancel.

Clients can cancel at least Cancel. That lets a client deadlock slapd, or
all slapd threads but one, by spamming slapd with pairs of Cancels that
cancel each other. If both are started, each waits for the other.

Also cn=config operations need to be at least unCancelable: The same
happens if you send pairs of (cn=config op, Cancel that op).

Regarding Cancel, one fix resembling current code would be:

* Before an operation waits for (an)other operation(s):
  - Fail if o_cancel, and if o_abandon when the op is abandonable,
  - Make it uncancellable: set o_cancel = tooLate even when !o_abandon.

* Cancel and Abandon operations:
  - Fail if the targeted operation already has tooLate/cannotCancel.
    Actually Cancel already does, but with wrong result code + message.

  I include Abandon to keep the number of cancel/abandon-related
  states down. Also, (o_abandon, o_cancel) = (1, tooLate) would
  otherwise mean two things with the fix above: The op was Cancelled
  but completed anyway, or the op was Abandoned and is uncancellable
  (but not necessarily unabandonable).
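
The two rules proposed in the report, as an added single-threaded model (not slapd code and not part of the original submission), showing that a pair of mutually targeting Cancels can no longer both end up waiting. Only o_cancel and o_abandon come from the report; the struct, function names, the choice to return tooLate/cannotCancel from the second rule, and the assumption that each rule runs atomically are illustrative.

```c
/* Added model of the two proposed rules; NOT slapd source.
 * o_cancel/o_abandon come from the report; everything else is hypothetical. */
enum cstate { C_NONE, C_REQUESTED, C_TOO_LATE, C_CANNOT_CANCEL };
enum { RC_OK = 0, RC_TOO_LATE = 120, RC_CANNOT_CANCEL = 121 }; /* RFC 3909 codes */

struct op {
    int o_abandon;        /* an Abandon or Cancel has targeted this op */
    enum cstate o_cancel;
    int abandonable;      /* 0 for Abandon, Bind, Unbind, StartTLS, Cancel */
    int waiting;          /* 1 while blocked on another operation */
};

/* Rule 1: run before an op blocks on other op(s). Returns 1 if it may wait. */
int before_wait(struct op *o)
{
    if (o->o_cancel == C_REQUESTED || (o->o_abandon && o->abandonable))
        return 0;                     /* fail instead of waiting */
    o->o_cancel = C_TOO_LATE;         /* uncancellable, even when !o_abandon */
    o->waiting = 1;
    return 1;
}

/* Rule 2: a Cancel or Abandon aimed at `target`. */
int request_cancel(struct op *target)
{
    if (target->o_cancel == C_TOO_LATE)      return RC_TOO_LATE;
    if (target->o_cancel == C_CANNOT_CANCEL) return RC_CANNOT_CANCEL;
    target->o_abandon = 1;
    target->o_cancel = C_REQUESTED;
    return RC_OK;
}

/* Two Cancel ops aimed at each other; returns how many end up waiting.
 * interleaved=0: a finishes both steps first; 1: both mark, then both wait. */
int mutual_cancel_waiters(int interleaved)
{
    struct op a = {0, C_NONE, 0, 0}, b = {0, C_NONE, 0, 0};
    int ra, rb;
    ra = request_cancel(&b);
    if (!interleaved && ra == RC_OK) before_wait(&a);
    rb = request_cancel(&a);
    if (interleaved && ra == RC_OK) before_wait(&a);
    if (rb == RC_OK) before_wait(&b);
    return a.waiting + b.waiting;
}
```

Without the two checks both operations would block in either ordering; with them at most one does, and the other returns instead of tying up a thread.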