[Freeipa-devel] [PATCH] Fix potential segfault in kdb driver

Wed, 07 Jan 2015 12:19:06 -0800 

This patch should fix ticket #4810
I've not been able to reproduce the issue and therefore reliably test
this was the only issue, but the backtrace in the original bugzilla was
clear enough to point at the fix in this patch.

HTH,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

>From 591b01d683e450cfbd0f31dedb2810eb3c60437d Mon Sep 17 00:00:00 2001
From: Simo Sorce <[email protected]>
Date: Fri, 12 Dec 2014 13:56:51 -0500
Subject: [PATCH] Avoid calling ldap functions without a context

We need to make sure we have a ld context before we can load the
configuration, otherwise ldap APIs will abort crashing the KDC.

If we have an issue connecting to LDAP the lcontext will be NULL, but
we are not checking that condition when we try to refresh the global
configuration.

Fixes: #4810

Signed-off-by: Simo Sorce <[email protected]>
---
 daemons/ipa-kdb/ipa_kdb.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index e5101bdd0ad880888fd58fd93a5ca8133868db98..d20b6a1f4666a40f1f0523c5ee9b729e27b666ad 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -224,6 +224,10 @@ static int ipadb_load_global_config(struct ipadb_context *ipactx)
     int ret;
     char **authz_data_list;
 
+    if (!ipactx || !ipactx->lcontext) {
+        return EINVAL;
+    }
+
     ret = asprintf(&base, "cn=ipaConfig,cn=etc,%s", ipactx->base);
     if (ret == -1) {
         ret = ENOMEM;
@@ -295,10 +299,19 @@ const struct ipadb_global_config *
 ipadb_get_global_config(struct ipadb_context *ipactx)
 {
     time_t now = 0;
+    int ret;
 
-    if (time(&now) != (time_t)-1
-        && now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME)
-        ipadb_load_global_config(ipactx);
+    if (time(&now) != (time_t)-1 &&
+        now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME) {
+        if (!ipactx->lcontext) {
+            ret = ipadb_get_connection(ipactx);
+            if (ret != 0)
+                return NULL;
+        }
+        ret = ipadb_load_global_config(ipactx);
+        if (ret != 0)
+            return NULL;
+    }
 
     return &ipactx->config;
 }
-- 
2.1.0


_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to