Re: (ITS#7636) slapd crash when multi-master replication (syncrepl) enabled - openldap-bugs

9 Jul 2013

This is a multi-part message in MIME format.
--------------090107030705000509000908
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
kb9vqf@pearsoncomputing.net wrote:
...
Unfortunately the previous patch only fixes some of the most obvious
(immediate) crashes.  There are other places in the code (e.g. syncprov.c
line 647) which pass non-malloc()ed variables to be_search() and thereby
crash slapd.
Has syncrepl even been tested with plugins before?  We really wanted to
use OpenLDAP for our directory server, however if replication cannot be
used with plugins then we may need to go with a Microsoft solution
instead.
Any hints?
Somewhat of a workaround - slapi should not be doing anything here unless the 
filter was actually changed.
syncprov is using (objectclass=*) which frankly no plugin should be rewriting, 
so this will cover it for the most part. Aside from that it looks like this 
area of the slapi interaction needs some redesign.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

--------------090107030705000509000908
Content-Type: text/plain; charset=UTF-8;
 name="diff.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="diff.txt"

diff --git a/servers/slapd/slapi/slapi_overlay.c b/servers/slapd/slapi/slapi_overlay.c
index 0db4ce2..ad23153 100644
--- a/servers/slapd/slapi/slapi_overlay.c
+++ b/servers/slapd/slapi/slapi_overlay.c
@@ -296,6 +296,7 @@ static int
 slapi_op_search_callback( Operation *op, SlapReply *rs, int prc )
 {
    Slapi_PBlock		*pb = SLAPI_OPERATION_PBLOCK( op );
+	Filter *f = op->ors_filter;

    /* check preoperation result code */
    if ( prc < 0 ) {
@@ -310,8 +311,10 @@ slapi_op_search_callback( Operation *op, SlapReply *rs, int prc )
    	 * The plugin can set the SLAPI_SEARCH_FILTER.
    	 * SLAPI_SEARCH_STRFILER is not normative.
    	 */
-		op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
-		filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
+		if (f != op->ors_filter) {
+			op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+			filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
+		}
    }

    return LDAP_SUCCESS;

--------------090107030705000509000908--



    