From: Michael Adam <obnox@samba.org>
Date: Tue, 5 Aug 2008 20:38:44 +0000 (+0200)
Subject: idmap_tdb2: fix a race condition in idmap_tdb2_allocate_id().
X-Git-Tag: samba-3.3.0pre1~277
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=72bd83fea7572a6202027b200d192c05023aa633;p=thirdparty%2Fsamba.git

idmap_tdb2: fix a race condition in idmap_tdb2_allocate_id().

The race is a regression introduced by the change to dbwrap.
It might have led to two concurrent processes returning the same id.

This fix is achieved by changing dbwrap_change_uint32_atomic() to
match the original behaviour of tdb_change_uint32_atomic(), which
is the following: *oldval is used as initial value when
the value does not yet exist and that the old value should be
returned in *oldval.

dbwrap_change_uint32_atomic() is used (only) in idmap_tdb2.c,
to get new ids.

Michael
---

diff --git a/source/lib/dbwrap_util.c b/source/lib/dbwrap_util.c
index 07e50827d44..14baec11a3c 100644
--- a/source/lib/dbwrap_util.c
+++ b/source/lib/dbwrap_util.c
@@ -110,9 +110,13 @@ uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
 		return -1;
 	}
 
-	if ((rec->value.dptr != NULL)
-	    && (rec->value.dsize == sizeof(val))) {
+	if (rec->value.dptr == NULL) {
+		val = *oldval;
+	} else if (rec->value.dsize == sizeof(val)) {
 		val = IVAL(rec->value.dptr, 0);
+		*oldval = val;
+	} else {
+		return -1;
 	}
 
 	val += change_val;