Full_Name: Hallvard B Furuseth Version: HEAD OS: Linux URL: Submission from: (NULL) (129.240.6.233) Submitted by: hallvard

RFCs 3909 (Cancel) and 4511 (LDAP protocol) say some operations cannot be cancelled/abandoned: Abandon, Bind, Unbind, StartTLS, Cancel.

Clients can cancel least Cancel. That lets a client deadlock slapd, or all slapd threads but one, by spamming slapd with pairs of Cancels that cancel each other. If both are started, each waits for the other. Also cn=config operations need to be at least unCancelable: The same happens if you send pairs of (cn=config op, Cancel that op).

Regarding Cancel, one fix resembling current code would be: * Before an operation waits for (an)other operation(s): - Fail if o_cancel, and if o_abandon when the op is abandonable, - Make it uncancellable: set o_cancel = tooLate even when !o_abandon. * Cancel and Abandon operations: - Fail if the targeted operation already has tooLate/cannotCancel. Actually Cancel already does, but with wrong result code + message.

I include Abandon to keep the number of cancel/abandon-related states down. Also, (o_abandon, o_cancel) = (1, tooLate) would otherwise mean two things with the fix above: The op was Cancelled but completed anyway, or the op was Abandoned and is uncancellable (but not necessarily unabandonable).