From 6d7c1880a8bdfe44556743842c759b46aab35120 Mon Sep 17 00:00:00 2001
From: Hallvard Furuseth
Date: Fri, 31 Dec 2010 13:08:11 +0000
Subject: [PATCH] ITS#6758 Avoid SlapReply reuse.
Caller provides a SlapReply and reads the result after the operation, then reuses it. Reinitialize before reuse, or move declaration inwards.
---
 contrib/slapd-modules/nssov/pam.c | 6 +++---
 servers/slapd/overlays/pcache.c | 4 ++--
 servers/slapd/sasl.c | 2 +-
 servers/slapd/syncrepl.c | 18 +++++++++++++-----
 4 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/contrib/slapd-modules/nssov/pam.c b/contrib/slapd-modules/nssov/pam.c
index 3a074b3074..146ce0f96c 100644
--- a/contrib/slapd-modules/nssov/pam.c
+++ b/contrib/slapd-modules/nssov/pam.c
@@ -273,7 +273,6 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 int rc;
 Entry *e = NULL;
 Attribute *a;
- SlapReply rs = {REP_RESULT};
 slap_callback cb = {0};
 READ_STRING(fp,uidc);
@@ -313,6 +312,7 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
 struct berval hostdn = BER_BVNULL;
 struct berval odn = op->o_ndn;
+ SlapReply rs = {REP_RESULT};
 op->o_dn = dn;
 op->o_ndn = dn;
 {
@@ -341,8 +341,7 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 !BER_BVISEMPTY(&ni->ni_pam_defhost)) {
 filter.bv_len = sizeof(fbuf);
 filter.bv_val = fbuf;
- memset(&rs2, 0, sizeof(rs2));
- rs2.sr_type = REP_RESULT;
+ rs_reinit(&rs2, REP_RESULT);
 nssov_filter_byname(mi,0,&ni->ni_pam_defhost,&filter);
 op->ors_filterstr = filter;
 op->ors_filter = str2filter_x(op, filter.bv_val);
@@ -381,6 +380,7 @@ int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
 !BER_BVISEMPTY(&ni->ni_pam_group_dn) && ni->ni_pam_group_ad) {
 AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
+ SlapReply rs = {REP_RESULT};
 op->o_callback = &cb;
 cb.sc_response = slap_null_cb;
 op->o_tag = LDAP_REQ_COMPARE;
diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c
index 6a4af3bc30..9f97ca7bcb 100644
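Review bot: In the -341 hunk of pam.c, `rs_reinit(&rs2, REP_RESULT);` carries no comment saying why the reply has to be cleared, and `rs2` is declared and, presumably, first used outside the hunk. pam_authz appears to turn these search results into an authorization answer, so if a later edit drops or moves the call, fields left over from the earlier use of `rs2` could be read as the outcome of the default-host search. I would put `/* rs2 is being reused: clear the previous result first (ITS#6758) */` directly above the call. The function body starts and ends outside the hunk.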
--- a/servers/slapd/overlays/pcache.c
+++ b/servers/slapd/overlays/pcache.c
@@ -4524,7 +4524,7 @@ pcache_db_open2(
 OperationBuffer opbuf;
 Operation *op;
 slap_callback cb = { 0 };
- SlapReply rs = { 0 };
+ SlapReply rs = { REP_RESULT };
 BerVarray vals = NULL;
 Filter f = { 0 }, f2 = { 0 };
 AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
@@ -4589,8 +4589,8 @@ pcache_db_open2(
 op->ors_scope = LDAP_SCOPE_SUBTREE;
 op->ors_attrs = slap_anlist_no_attrs;
+ rs_reinit( &rs, REP_RESULT );
 op->o_callback->sc_response = pcache_cachedquery_count_cb;
- rs.sr_nentries = 0;
 op->o_callback->sc_private = &rs.sr_nentries;
 rc = op->o_bd->be_search( op, &rs );
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index f83d605d6c..c357d2d86c 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -509,7 +509,6 @@ slap_auxprop_store(
 {
 Operation op = {0};
 Opheader oph;
- SlapReply rs = {REP_RESULT};
 int rc, i;
 unsigned j;
 Connection *conn = NULL;
@@ -624,6 +623,7 @@ slap_auxprop_store(
 op.orm_modlist = modlist;
 for (;;) {
+ SlapReply rs = {REP_RESULT};
 rc = op.o_bd->be_modify( &op, &rs );
 #ifdef SLAP_AUXPROP_DONTUSECOPY
diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c
index 4d5174fd67..69bd6b5cb9 100644
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -2239,9 +2239,6 @@ syncrepl_entry(
 struct berval syncUUID_strrep = BER_BVNULL;
 SlapReply rs_search = {REP_RESULT};
- SlapReply rs_delete = {REP_RESULT};
- SlapReply rs_add = {REP_RESULT};
- SlapReply rs_modify = {REP_RESULT};
 Filter f = {0};
 AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
 int rc = LDAP_SUCCESS;
@@ -2388,6 +2385,7 @@ syncrepl_entry(
 }
 retry_add:;
 if ( BER_BVISNULL( &dni.dn ) ) {
+ SlapReply rs_add = {REP_RESULT};
 op->o_req_dn = entry->e_name;
 op->o_req_ndn = entry->e_nname;
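Review bot: In the -4589 hunk of pcache.c the counter behind `op->o_callback->sc_private = &rs.sr_nentries;` is no longer zeroed explicitly; with `rs.sr_nentries = 0;` removed it relies on `rs_reinit( &rs, REP_RESULT );` clearing the whole reply, which the hunk itself does not show. That dependency is easy to lose, because removing the reinit would leave pcache_cachedquery_count_cb working on whatever count the previous use of `rs` left behind. A trailing comment on the reinit line, `/* also resets rs.sr_nentries, which sc_private points at */`, would record it. pcache_db_open2 continues outside the hunk.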
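Review bot: In the -2388 hunk of syncrepl.c, `rs_add` is fresh on every pass only because its declaration sits inside the `if` block that follows the `retry_add:` label, so any `goto retry_add` re-runs the initializer; nothing in the code says that this placement is deliberate. Hoisting the declaration back to function scope in a later cleanup would quietly bring back a reply that still holds the previous attempt's result. I would annotate the line: `SlapReply rs_add = {REP_RESULT}; /* re-initialized on each pass through retry_add */`. The rest of the block is outside the hunk.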
@@ -2475,6 +2473,7 @@ retry_add:;
 struct berval noldp, newp;
 Modifications *mod, **modtail, **ml, *m2;
 int i, got_replace = 0, just_rename = 0;
+ SlapReply rs_modify = {REP_RESULT};
 op->o_tag = LDAP_REQ_MODRDN;
 dnRdn( &entry->e_name, &op->orr_newrdn );
@@ -2652,6 +2651,7 @@ retry_add:;
 }
 op->o_bd = si->si_wbe;
 retry_modrdn:;
+ rs_reinit( &rs_modify, REP_RESULT );
 rc = op->o_bd->be_modrdn( op, &rs_modify );
 /* NOTE: noSuchObject should result because the new superior
@@ -2682,6 +2682,8 @@ retry_modrdn:;
 slap_queue_csn( op, syncCSN );
 }
 if ( dni.mods ) {
+ SlapReply rs_modify = {REP_RESULT};
+
 op->o_tag = LDAP_REQ_MODIFY;
 op->orm_modlist = dni.mods;
 op->orm_no_opattrs = 1;
@@ -2712,6 +2714,7 @@ retry_modrdn:;
 goto done;
 case LDAP_SYNC_DELETE :
 if ( !BER_BVISNULL( &dni.dn ) ) {
+ SlapReply rs_delete = {REP_RESULT};
 op->o_req_dn = dni.dn;
 op->o_req_ndn = dni.ndn;
 op->o_tag = LDAP_REQ_DELETE;
@@ -2731,6 +2734,7 @@ retry_modrdn:;
 op->o_req_dn = pdn;
 op->o_req_ndn = pdn;
 op->o_callback = &cb;
+ rs_reinit( &rs_delete, REP_RESULT );
 op->o_bd->be_delete( op, &rs_delete );
 } else {
 break;
@@ -2789,7 +2793,6 @@ syncrepl_del_nonpresent(
 {
 Backend* be = op->o_bd;
 slap_callback cb = { NULL };
- SlapReply rs_delete = {REP_RESULT};
 struct nonpresent_entry *np_list, *np_prev;
 int rc;
 AttributeName an[2];
@@ -2919,6 +2922,8 @@ syncrepl_del_nonpresent(
 np_list = LDAP_LIST_FIRST( &si->si_nonpresentlist );
 while ( np_list != NULL ) {
+ SlapReply rs_delete = {REP_RESULT};
+
 LDAP_LIST_REMOVE( np_list, npe_link );
 np_prev = np_list;
 np_list = LDAP_LIST_NEXT( np_list, npe_link );
@@ -2971,6 +2976,7 @@ syncrepl_del_nonpresent(
 op->o_req_dn = pdn;
 op->o_req_ndn = pdn;
 op->o_callback = &cb;
+ rs_reinit( &rs_delete, REP_RESULT );
 /* give it a root privil ? */
 op->o_bd->be_delete( op, &rs_delete );
 } else {
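Review bot: The return value of `op->o_bd->be_delete( op, &rs_delete );` is discarded in the -2731 hunk and again in the matching call of the -2971 hunk in syncrepl_del_nonpresent, so `rs_delete` is the only record of whether the parent delete succeeded. Whatever reads it afterwards lies outside both hunks, which makes the added `rs_reinit( &rs_delete, REP_RESULT );` load-bearing: without it a delete could be judged by the result left from the previous one. I would say so at both call sites with `/* be_delete's result is only available through rs_delete, so it must start clean */`, or assign the return value to `rc` if the surrounding loop allows it.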
@@ -3013,7 +3019,6 @@ syncrepl_add_glue_ancestors(
 struct berval dn = BER_BVNULL;
 struct berval ndn = BER_BVNULL;
 Entry *glue;
- SlapReply rs_add = {REP_RESULT};
 struct berval ptr, nptr;
 char *comma;
@@ -3071,6 +3076,8 @@ syncrepl_add_glue_ancestors(
 }
 while ( ndn.bv_val > e->e_nname.bv_val ) {
+ SlapReply rs_add = {REP_RESULT};
+
 glue = entry_alloc();
 ber_dupbv( &glue->e_name, &dn );
 ber_dupbv( &glue->e_nname, &ndn );
@@ -3288,6 +3295,7 @@ syncrepl_updateCookie(
 char txtbuf[SLAP_TEXT_BUFLEN];
 size_t textlen = sizeof txtbuf;
 Entry *e = slap_create_context_csn_entry( op->o_bd, NULL );
+ rs_reinit( &rs_modify, REP_RESULT );
 rc = slap_mods2entry( &mod, &e, 0, 1, &text, txtbuf, textlen);
 op->ora_e = e;
 rc = op->o_bd->be_add( op, &rs_modify );
--
2.39.5
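Review bot: In the -3288 hunk of syncrepl_updateCookie, `rs_modify` is reset and then handed to `be_add`, so the name no longer matches the operation, and the `rc` returned by `slap_mods2entry` on the next line is overwritten by the `be_add` result without being checked. The second point predates this commit but sits in the lines it touches: if the conversion fails, `e` is still installed as `op->ora_e` and sent to the backend. I would test it before the add, `if ( rc != LDAP_SUCCESS ) { /* report text and skip the add */ }`, and consider a block-local `SlapReply rs_add = {REP_RESULT};` for this call, as the other hunks do. The enclosing block starts and ends outside the hunk, so how `e` is released on that failure path has to be checked there.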