From b52c62e69f04c2e9eca3809898fb525421aaea47 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sun, 16 Nov 2008 20:29:26 +0000
Subject: [PATCH] don't assert on unprotected data (ITS#5814)

---
 servers/slapd/connection.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index ce36494b52..8d4db23427 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -424,7 +424,9 @@ Connection * connection_init(
 	if ( flags & CONN_IS_CLIENT ) {
 		c->c_connid = 0;
 		c->c_conn_state = SLAP_C_CLIENT;
+		ldap_pvt_thread_mutex_lock( &connections_mutex );
 		c->c_struct_state = SLAP_C_USED;
+		ldap_pvt_thread_mutex_unlock( &connections_mutex );
 		c->c_close_reason = "?";			/* should never be needed */
 		ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_FD, &sfd );
 		ldap_pvt_thread_mutex_unlock( &c->c_mutex );
@@ -509,7 +511,9 @@ Connection * connection_init(
 	ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex );
 
 	c->c_conn_state = SLAP_C_INACTIVE;
+	ldap_pvt_thread_mutex_lock( &connections_mutex );
 	c->c_struct_state = SLAP_C_USED;
+	ldap_pvt_thread_mutex_unlock( &connections_mutex );
 	c->c_close_reason = "?";			/* should never be needed */
 
 	c->c_ssf = c->c_transport_ssf = ssf;
@@ -843,12 +847,12 @@ Connection* connection_next( Connection *c, ber_socket_t *index )
 	for(; *index < dtblsize; (*index)++) {
 		int c_struct;
 		if( connections[*index].c_struct_state == SLAP_C_UNINITIALIZED ) {
+			/* FIXME: accessing c_conn_state without locking c_mutex */
 			assert( connections[*index].c_conn_state == SLAP_C_INVALID );
 			continue;
 		}
 
 		if( connections[*index].c_struct_state == SLAP_C_USED ) {
-			assert( connections[*index].c_conn_state != SLAP_C_INVALID );
 			c = &connections[(*index)++];
 			if ( ldap_pvt_thread_mutex_trylock( &c->c_mutex )) {
 				/* avoid deadlock */
@@ -861,6 +865,7 @@ Connection* connection_next( Connection *c, ber_socket_t *index )
 					continue;
 				}
 			}
+			assert( c->c_conn_state != SLAP_C_INVALID );
 			break;
 		}
 
@@ -868,6 +873,7 @@ Connection* connection_next( Connection *c, ber_socket_t *index )
 		if ( c_struct == SLAP_C_PENDING )
 			continue;
 		assert( c_struct == SLAP_C_UNUSED );
+		/* FIXME: accessing c_conn_state without locking c_mutex */
 		assert( connections[*index].c_conn_state == SLAP_C_INVALID );
 	}
 
-- 
2.39.5