On Fri, Jun 24, 2016 at 08:04:27PM +0000, doug.leavitt@oracle.com wrote:
There is a race condition in ldap_int_utils_init that can be triggered when multiple threads enter ldap_int_utils_init from ldap_init_initialize about the same time. The done flag gets set immediately, before the various mutexes are initialized. If thread A sets done, and thread B tests for done==1 before thread A has completed the mutex inits, thread B can attempt to use an uninitialized mutex and fail/core dump etc.
Additionally, if just the done=1 is moved to the bottom of the function, two threads can both be initializing the same mutexes multiple times, causing other mayhem.
The short term workaround for Solaris (THR APIs) is to move setting of done=1 to after the mutex inits, and to protect the mutex inits using another statically initialized mutex within ldap_int_utils_init.
Hi Doug, a patch addressing this and ITS#7996 has been pushed to master (db40120a276c3b7968552e253aea24860fad5f60) and will also be part (cde56fad154fcd25e351c3cd84d8173d263b0a01) of the upcoming 2.4.48 release.
Thanks,
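To make the race in the report concrete, here is an added example (not OpenLDAP's code, and not the patch referenced above) that places the unguarded "set done, then init the mutexes" shape next to the workaround Doug describes: a statically initialized guard mutex around the inits, with done=1 stored only after every mutex exists. The function names, N_MUTEXES and N_THREADS are assumptions chosen for the demo; the harness releases all threads at once and counts how many times the initialization body actually executed, which must be exactly 1 for correct code.

```c
#include <pthread.h>
#include <stdio.h>

#define N_MUTEXES 4   /* stands in for the several mutexes a real init sets up (assumption) */
#define N_THREADS 8   /* number of concurrent callers in the demo (assumption) */

/* Shared start flag so every racer calls init at (nearly) the same moment. */
static int start_flag = 0;

/* ---- the racy shape from the report (illustrative, not OpenLDAP's code) ---- */
static int racy_done = 0;
static pthread_mutex_t racy_mutex[N_MUTEXES];
static int racy_init_runs_seen = 0;

static void racy_init(void)
{
    if (racy_done)
        return;          /* a thread can return here while another is still in the loop */
    racy_done = 1;       /* flag published before any mutex exists: use-before-init window */
    for (int i = 0; i < N_MUTEXES; i++)
        pthread_mutex_init(&racy_mutex[i], NULL);
    __atomic_fetch_add(&racy_init_runs_seen, 1, __ATOMIC_SEQ_CST);
    /* Moving `racy_done = 1` below the loop closes that window but widens the
       other one: several threads can run the loop and init the same mutex twice. */
}

/* ---- the workaround: static guard mutex, done=1 stored only after the inits ---- */
static pthread_mutex_t init_guard = PTHREAD_MUTEX_INITIALIZER;
static int fixed_done = 0;
static pthread_mutex_t fixed_mutex[N_MUTEXES];
static int fixed_init_runs_seen = 0;

static void fixed_init(void)
{
    pthread_mutex_lock(&init_guard);   /* serializes every caller */
    if (!fixed_done) {
        for (int i = 0; i < N_MUTEXES; i++)
            pthread_mutex_init(&fixed_mutex[i], NULL);
        fixed_init_runs_seen++;        /* protected by init_guard, no atomic needed */
        fixed_done = 1;                /* last step: every mutex now exists */
    }
    pthread_mutex_unlock(&init_guard);
    /* Past this point any thread may safely use the mutexes. */
    pthread_mutex_lock(&fixed_mutex[0]);
    pthread_mutex_unlock(&fixed_mutex[0]);
}

struct racer_arg { void (*init)(void); };

static void *racer(void *p)
{
    struct racer_arg *a = p;
    while (!__atomic_load_n(&start_flag, __ATOMIC_ACQUIRE))
        ;   /* spin until all threads have been created */
    a->init();
    return NULL;
}

/* Runs init() from N_THREADS threads at once and returns how many times the
   initialization body executed (-1 if a thread could not be created).
   Correct one-time initialization must return exactly 1. */
static int run_race(void (*init)(void), int *done_flag, int *runs_seen)
{
    pthread_t th[N_THREADS];
    struct racer_arg a = { init };
    int created = 0;

    *done_flag = 0;
    *runs_seen = 0;
    __atomic_store_n(&start_flag, 0, __ATOMIC_SEQ_CST);
    for (; created < N_THREADS; created++)
        if (pthread_create(&th[created], NULL, racer, &a) != 0)
            break;
    __atomic_store_n(&start_flag, 1, __ATOMIC_RELEASE);
    for (int i = 0; i < created; i++)
        pthread_join(th[i], NULL);
    return created == N_THREADS ? *runs_seen : -1;
}

int fixed_init_run_count(void) { return run_race(fixed_init, &fixed_done, &fixed_init_runs_seen); }
int racy_init_run_count(void)  { return run_race(racy_init,  &racy_done,  &racy_init_runs_seen); }

int main(void)
{
    printf("guarded init body ran %d time(s) across %d threads\n",
           fixed_init_run_count(), N_THREADS);
    printf("unguarded init body ran %d time(s) across %d threads\n",
           racy_init_run_count(), N_THREADS);
    return 0;
}
```

The guarded version deliberately takes init_guard on every call rather than checking `fixed_done` first without a lock; that unlocked fast path is the double-checked-locking pattern and is only correct with an atomic load and matching release store. On POSIX platforms pthread_once() provides the same once-only guarantee with a statically initialized control variable, and is the usual alternative to hand-rolling the guard.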