Commit d84afed0 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

don't risk using dangling pointers when looping thru connections (ITS#4405)

parent 8ac01e3c
......@@ -2,6 +2,7 @@ OpenLDAP 2.3 Change Log
OpenLDAP 2.3.26 Release
Fixed libldap dnssrv bug with "not present" positive statement (ITS#4610)
Fixed libldap dangling pointer issue (ITS#4405)
Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
Fixed slapd-monitor operations order via callbacks (ITS#4631)
Fixed slapo-accesslog purge task during shutdown
......
......@@ -233,7 +233,7 @@ wait4msg(
*tvp;
time_t start_time = 0;
time_t tmp_time;
LDAPConn *lc, *nextlc;
LDAPConn *lc;
assert( ld != NULL );
assert( result != NULL );
......@@ -277,8 +277,7 @@ wait4msg(
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
#endif
for ( lc = ld->ld_conns; lc != NULL; lc = nextlc ) {
nextlc = lc->lconn_next;
for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) {
if ( ber_sockbuf_ctrl( lc->lconn_sb,
LBER_SB_OPT_DATA_READY, NULL ) ) {
#ifdef LDAP_R_COMPILE
......@@ -333,10 +332,10 @@ wait4msg(
ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
#endif
for ( lc = ld->ld_conns; rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL;
lc = nextlc )
for ( lc = ld->ld_conns;
rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL;
lc = lc->lconn_next )
{
nextlc = lc->lconn_next;
if ( lc->lconn_status == LDAP_CONNST_CONNECTED &&
ldap_is_read_ready( ld, lc->lconn_sb ))
{
......@@ -344,10 +343,17 @@ wait4msg(
ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
#endif
rc = try_read1msg( ld, msgid, all, &lc, result );
if ( lc == NULL ) lc = nextlc;
#ifdef LDAP_R_COMPILE
ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
#endif
if ( lc == NULL ) {
/* if lc gets free()'d,
* there's no guarantee
* lc->lconn_next is still
* sane; better restart
* (ITS#4405) */
lc = ld->ld_conns;
}
}
}
#ifdef LDAP_R_COMPILE
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment