Package: openldap / 2.4.44+dfsg-5+deb9u3

ITS-8432-fix-infinite-looping-mods-in-delta-mmr.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
From 92724fd39e3c6a65d460ad7a08d3acc3c16656e3 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 9 Jun 2016 22:37:54 +0100
Subject: [PATCH] ITS#8432 fix infinite looping mods in delta-mmr

---
 servers/slapd/syncrepl.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -934,6 +934,10 @@
 						check_syncprov( op, si );
 						ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );
 						for ( i =0; i<si->si_cookieState->cs_num; i++ ) {
+#ifdef CHATTY_SYNCLOG
+							Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN for sid %d: %s\n",
+								si->si_ridtxt, i, si->si_cookieState->cs_vals[i].bv_val );
+#endif
 							/* new SID */
 							if ( sid < si->si_cookieState->cs_sids[i] )
 								break;
@@ -2064,6 +2068,33 @@
 	if ( !mod )
 		return SLAP_CB_CONTINUE;
 
+	{
+		int i, sid;
+		sid = slap_parse_csn_sid( &mod->sml_nvalues[0] );
+		ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );
+		for ( i =0; i<si->si_cookieState->cs_num; i++ ) {
+#ifdef CHATTY_SYNCLOG
+			Debug( LDAP_DEBUG_SYNC, "syncrepl_op_modify: %s CSN for sid %d: %s\n",
+				si->si_ridtxt, i, si->si_cookieState->cs_vals[i].bv_val );
+#endif
+			/* new SID */
+			if ( sid < si->si_cookieState->cs_sids[i] )
+				break;
+			if ( si->si_cookieState->cs_sids[i] == sid ) {
+				if ( ber_bvcmp( &mod->sml_nvalues[0], &si->si_cookieState->cs_vals[i] ) <= 0 ) {
+					Debug( LDAP_DEBUG_SYNC, "syncrepl_op_modify: %s entryCSN too old, ignoring %s (%s)\n",
+						si->si_ridtxt, mod->sml_nvalues[0].bv_val, op->o_req_dn.bv_val );
+					ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
+					slap_graduate_commit_csn( op );
+					/* tell accesslog this was a failure */
+					rs->sr_err = LDAP_TYPE_OR_VALUE_EXISTS;
+					return LDAP_SUCCESS;
+				}
+			}
+		}
+		ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
+	}
+
 	rc = overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on );
 	if ( rc == 0 ) {
 		Attribute *a;
@@ -2077,6 +2108,7 @@
 	}
 	/* equal? Should never happen */
 	if ( match == 0 ) {
+		slap_graduate_commit_csn( op );
 		/* tell accesslog this was a failure */
 		rs->sr_err = LDAP_TYPE_OR_VALUE_EXISTS;
 		return LDAP_SUCCESS;