]> git.ipfire.org Git - thirdparty/openldap.git/commitdiff
projects / thirdparty / openldap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49231ba)
ITS#9045 Do not share cn=config entries with outside code
authorOndřej Kuzník <ondra@mistotebe.net>
Wed, 26 Oct 2022 14:55:18 +0000 (15:55 +0100)
committerQuanah Gibson-Mount <quanah@openldap.org>
Tue, 1 Nov 2022 17:07:15 +0000 (17:07 +0000)
config_back_entry_get currently returns the entry directly without
securing the rwlock, which is unsafe. However we can't keep holding it
on return in case the caller decides to hold onto the entry
indefinitely, hence rlock+entry_dup+runlock.

servers/slapd/bconfig.c patch | blob | blame | history

diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index c5c69bab564143509203587cef9d4f3463971e5d..4e00802723f5f5573a3b467aef1f91908b4f1dfd 100644 (file)
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -6941,7 +6941,6 @@ out:
        return rs->sr_err;
 }
 
-/* no-op, we never free entries */
 int config_entry_release(
        Operation *op,
        Entry *e,
@@ -6961,6 +6960,8 @@ int config_entry_release(
                } else {
                        entry_free( e );
                }
+       } else {
+               entry_free( e );
        }
        return rc;
 }
@@ -6977,21 +6978,31 @@ int config_back_entry_get(
 {
        CfBackInfo *cfb;
        CfEntryInfo *ce, *last;
-       int rc = LDAP_NO_SUCH_OBJECT;
+       Entry *e = NULL;
+       int locked = 0, rc = LDAP_NO_SUCH_OBJECT;
 
        cfb = (CfBackInfo *)op->o_bd->be_private;
 
+       if ( !ldap_pvt_thread_pool_pausequery( &connection_pool ) ) {
+               ldap_pvt_thread_rdwr_rlock( &cfb->cb_rwlock );
+               locked = 1;
+       }
        ce = config_find_base( cfb->cb_root, ndn, &last );
        if ( ce ) {
-               *ent = ce->ce_entry;
-               if ( *ent ) {
+               e = ce->ce_entry;
+               if ( e ) {
                        rc = LDAP_SUCCESS;
-                       if ( oc && !is_entry_objectclass_or_sub( *ent, oc ) ) {
+                       if ( oc && !is_entry_objectclass_or_sub( e, oc ) ) {
                                rc = LDAP_NO_SUCH_ATTRIBUTE;
-                               *ent = NULL;
+                               e = NULL;
                        }
                }
        }
+       if ( e ) {
+               *ent = entry_dup( e );
+       }
+       if ( locked )
+               ldap_pvt_thread_rdwr_runlock( &cfb->cb_rwlock );
 
        return rc;
 }
Mirror of https://git.openldap.org/openldap/openldap.git