ITS#6437, save space: Do not allocate the tail, except if size==0.
Store a tail only in freed blocks. (Alignment ensures there will
be room.) Put the freed mark in next block's head.
ITS#6437, failure/fallback/debug handling:
slap_sl_malloc could return failure. Exit instead, like the rest of sl_malloc.
Since we increase size, reduce it before Debug() and/or fallback to ch_malloc.
Debug() before exit() on failure. Tweak debug formats and a comment.
ITS#6437 cleanup (noop change):
Move thread/nothread code to macros SET_MEMCTX()/GET_MEMCTX().
Rename some thread/memory contexts 'ctx' to thrctx/memctx to avoid confusion.
ITS#6437, fixes for stack implementation of slap_sl_realloc():
Preserve 2*int alignment on hosts where sizeof(int) == sizeof(ber_len_t).
If realloc of last block falls back to ch_malloc, free last block properly.
Fix range check (ptr + size < endptr) --> (size < endptr - ptr).
ITS#6437, slap_sl_mem_create():
Bugfix: Switching implementation stack<->pool on an old context could
crash or leak, it ran the wrong implementation's cleanup code.
Cleanup: Factor out identical stack/pool code. Call
slap_sl_mem_destroy(NULL,) instead of copying its pool code.
API change: slap_sl_mem_destroy(key=NULL,) gets a new meaning. Does
not affect current OpenLDAP code, it never passed NULL.
ITS#6763,7053 Cleanup after sending entry/searchref.
slap_send_search_entry(), slap_send_search_reference(): Never skip
the cleanup code. Sending an entry did on sizeLimitExceeded/busy.
Sending a ref dropped rs_flush_entry() on error.
Ralf Haferkamp [Tue, 18 Oct 2011 15:08:05 +0000 (17:08 +0200)]
ITS#7066 reworked default deny ACL for cn=config
Dynamically adding ACL for cn=config didn't work correctly, when no
ACLs where present for that database upon startup. Delete the last
ACL from the DB could also lead to unexpected results.
ITS#7034 use mutex for connection handshake when using PEM nss
PEM nss is not thread safe when establishing the initial connection
using SSL_ForceHandshake. Create a new mutex - tlsm_pem_mutex - to
protect this function call.
The call to SSL_ConfigServerSessionIDCache() is not thread-safe - move it
to the init section and protect it with the init mutex.
Howard Chu [Fri, 9 Sep 2011 06:41:06 +0000 (23:41 -0700)]
Add a few NULL checks to defend against dumb API checkers.
Unfortunately automated checkers don't seem to read the documentation
for how APIs are expected to be used, and the C declaration syntax
isn't expressive enough to encode the documented usage.
Done for keywords index,limits. (Also do 'mode' if there were any cases.)
Change generated by: perl -i -pw0777e '
INIT { $q=qr/\#(?:[bh]|index|main)db\#/im; $k=qr/(?:index|limits|mode)\b/ }
0 while s/^$q($k.*\n)((?:$q.*\n)*?)\n?$q\1/\#maindb\#$1$2/imo;
s/^\#maindb\#index/\#indexdb\#index/igm;
' tests/data/*.* tests/data/regressions/*/*.*
Simplifies tests for the DB storage backends.
Adds indexing etc to ndb in some cases, to match bdb/hdb.
This also fixes some broken back-null/back-ldif settings.
Rich Megginson [Tue, 16 Aug 2011 18:01:16 +0000 (12:01 -0600)]
ITS#7022 NSS_Init* functions are not thread safe
The NSS_InitContext et. al, and their corresponding shutdown functions,
are not thread safe. There can only be one thread at a time calling
these functions. Protect the calls with a mutex. Create the mutex
using a PR_CallOnce to ensure that the mutex is only created once and
not used before created. Move the registration of the nss shutdown
callback to also use a PR_CallOnce. Removed the call to
SSL_ClearSessionCache() because it is always called at shutdown, and we must
not call it more than once.
Jan Vcelak [Tue, 9 Aug 2011 13:21:34 +0000 (15:21 +0200)]
ITS#7014 TLS: don't check hostname if reqcert is 'allow'
If server certificate hostname does not match the server hostname,
connection is closed even if client has set TLS_REQCERT to 'allow'. This
is wrong - the documentation says, that bad certificates are being
ignored when TLS_REQCERT is set to 'allow'.