For ITS#6104: Protect initial o_abandon/o_cancel with op->o_conn->c_mutex.

[openldap] / servers / slapd / cancel.c

diff --git a/servers/slapd/cancel.c b/servers/slapd/cancel.c
index ce0b1fdbc06c5bbf7d9d994b34df8e8d56d25b32..ef35046c0af611c4f39c6156087fd42ebc911989 100644 (file)
--- a/servers/slapd/cancel.c
+++ b/servers/slapd/cancel.c
@@ -65,6 +65,7 @@ int cancel_extop( Operation *op, SlapReply *rs )
        }
 
        ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+
        LDAP_STAILQ_FOREACH( o, &op->o_conn->c_pending_ops, o_next ) {
                if ( o->o_msgid == opid ) {
                        LDAP_STAILQ_REMOVE( &op->o_conn->c_pending_ops, o, Operation, o_next );
@@ -78,21 +79,25 @@ int cancel_extop( Operation *op, SlapReply *rs )
 
        LDAP_STAILQ_FOREACH( o, &op->o_conn->c_ops, o_next ) {
                if ( o->o_msgid == opid ) {
-                       o->o_abandon = 1;
                        break;
                }
        }
 
-       ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
-
-       if ( o ) {
-               if ( o->o_cancel != SLAP_CANCEL_NONE ) {
-                       rs->sr_text = "message ID already being cancelled";
-                       return LDAP_PROTOCOL_ERROR;
-               }
-
+       if ( o == NULL ) {
+               rc = LDAP_NO_SUCH_OPERATION;
+               rs->sr_text = "message ID not found";
+       } else if ( o->o_cancel != SLAP_CANCEL_NONE ) {
+               rc = LDAP_PROTOCOL_ERROR;
+               rs->sr_text = "message ID already being cancelled";
+       } else {
+               rc = LDAP_SUCCESS;
                o->o_cancel = SLAP_CANCEL_REQ;
+               o->o_abandon = 1;
+       }
+
+       ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
 
+       if ( rc == LDAP_SUCCESS ) {
                LDAP_STAILQ_FOREACH( op->o_bd, &backendDB, be_next ) {
                        if( !op->o_bd->be_cancel ) continue;
 
@@ -113,9 +118,6 @@ int cancel_extop( Operation *op, SlapReply *rs )
                }
 
                o->o_cancel = SLAP_CANCEL_DONE;
-       } else {
-               rs->sr_text = "message ID not found";
-               rc = LDAP_NO_SUCH_OPERATION;
        }
 
        return rc;