https://fedorahosted.org/389/ticket/48298
https://fedorahosted.org/389/attachment/ticket/48298/0001-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.4.patch
On 09/29/2015 08:15 AM, 389 Project wrote:
Comment:
Unfortunately, it did not pass the IPA tests.
Bug Description: The cause of the problem is rather not a race condition but
accessing an already freed agreement in a plug-in:
> The crashed thread is deleting an agreement object, which calls
mep_pre_op.
> It eventually calls op_shared_search with the deleted agreement
object with
> base scope and filter "(|(objectclass=*)(objectclass=ldapsubentry))"
> Since it is a DSE entry it goes to dse_search, in which it calls
agmt_get_
> replarea and crashes in slapi_sdn_copy by NULL dereference in from SDN...
Fix Description: This patch adds the check to agmt_get_replarea, in which if
the agreement is not in the agreement list, it returnes NULL repl area.
When
the NULL repl area is returned the callers back off with an error.
Thanks,
--noriko
--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
