[389-ds-base] branch 389-ds-base-1.4.1 updated: Issue 50834 - Incorrectly setting the NSS default SSL version max
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.1
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.1 by this push:
new de5e4ac Issue 50834 - Incorrectly setting the NSS default SSL version max
de5e4ac is described below
commit de5e4acffd5e463c96502d8683ae213bf277ba32
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Mon Jan 20 13:16:36 2020 -0500
Issue 50834 - Incorrectly setting the NSS default SSL version max
Description: We've been using the wrong function to get the NSS max
version. We were calling SSL_VersionRangeGetSupported()
which gets the versions NSS "can" handle, but
SSL_VersionRangeGetDefault() gets the versions that
are actually "enabled".
relates: https://pagure.io/389-ds-base/issue/50834
Reviewed by: mreynolds(one line commit rule)
---
ldap/servers/slapd/ssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 8365b29..9296cd4 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -936,7 +936,7 @@ slapd_nss_init(int init_ssl __attribute__((unused)), int config_available __attr
char *certdir;
char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
/* Get the range of the supported SSL version */
- SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
+ SSL_VersionRangeGetDefault(ssl_variant_stream, &enabledNSSVersions);
(void)slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
(void)slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
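Review bot: The context comment just above the changed call still reads "Get the range of the supported SSL version", which describes the function that was removed. With SSL_VersionRangeGetDefault() the range is the one NSS has enabled by default, so the comment should say that (for example "Get the range of the SSL versions enabled by default"); otherwise the next reader will assume enabledNSSVersions holds the supported range.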
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
[389-ds-base] branch 389-ds-base-1.4.2 updated: Issue 50834 - Incorrectly setting the NSS default SSL version max
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.2
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push:
new c554108 Issue 50834 - Incorrectly setting the NSS default SSL version max
c554108 is described below
commit c5541085ef227e391be6690720e985011cbddc11
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Mon Jan 20 13:16:36 2020 -0500
Issue 50834 - Incorrectly setting the NSS default SSL version max
Description: We've been using the wrong function to get the NSS max
version. We were calling SSL_VersionRangeGetSupported()
which gets the versions NSS "can" handle, but
SSL_VersionRangeGetDefault() gets the versions that
are actually "enabled".
relates: https://pagure.io/389-ds-base/issue/50834
Reviewed by: mreynolds(one line commit rule)
---
ldap/servers/slapd/ssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 8365b29..9296cd4 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -936,7 +936,7 @@ slapd_nss_init(int init_ssl __attribute__((unused)), int config_available __attr
char *certdir;
char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
/* Get the range of the supported SSL version */
- SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
+ SSL_VersionRangeGetDefault(ssl_variant_stream, &enabledNSSVersions);
(void)slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
(void)slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
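Review bot: The return value of SSL_VersionRangeGetDefault() is discarded on the added line, as it was for the call it replaces. It returns a SECStatus, and on failure enabledNSSVersions is not filled in, yet the two slapi_getSSLVersion_str() calls below format its min and max regardless. Suggest checking for SECSuccess and logging or bailing out before emin and emax are built.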
--
[389-ds-base] branch master updated: Issue 50834 - Incorrectly setting the NSS default SSL version max
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch master
in repository 389-ds-base.
The following commit(s) were added to refs/heads/master by this push:
new d24352c Issue 50834 - Incorrectly setting the NSS default SSL version max
d24352c is described below
commit d24352c9337df91b38984c91ccd5453a97f27fa3
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Mon Jan 20 13:16:36 2020 -0500
Issue 50834 - Incorrectly setting the NSS default SSL version max
Description: We've been using the wrong function to get the NSS max
version. We were calling SSL_VersionRangeGetSupported()
which gets the versions NSS "can" handle, but
SSL_VersionRangeGetDefault() gets the versions that
are actually "enabled".
relates: https://pagure.io/389-ds-base/issue/50834
Reviewed by: mreynolds(one line commit rule)
---
ldap/servers/slapd/ssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 8365b29..9296cd4 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -936,7 +936,7 @@ slapd_nss_init(int init_ssl __attribute__((unused)), int config_available __attr
char *certdir;
char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
/* Get the range of the supported SSL version */
- SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
+ SSL_VersionRangeGetDefault(ssl_variant_stream, &enabledNSSVersions);
(void)slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
(void)slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
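Review bot: The subject and description speak only of the maximum version, but the added call also changes enabledNSSVersions.min, which the next line formats into emin. Please confirm that the default minimum is the intended value here as well, and mention it in the commit message so a change in the reported minimum is not a surprise.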
--
[389-ds-base] branch 389-ds-base-1.3.10 updated: Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.10
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.3.10 by this push:
new da26367 Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
da26367 is described below
commit da26367f8aacad806f1d1f1d9ba45ec052c0dd8b
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Jan 17 15:42:00 2020 -0500
Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
Description: When Disk Monitoring finds that disk space is too low it starts
freeing up disk space by removing rotated logs. However the log
list struct was not properly reset after freeing all the files
in the list. This is what allowed the heap-use-after-free to
occur.
relates: https://pagure.io/389-ds-base/issue/50829
Reviewed by: firstyear(Thanks!)
---
ldap/servers/slapd/log.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index f308a48..2a6ea86 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -3240,6 +3240,12 @@ log__delete_rotated_logs()
logp = logp->l_next;
slapi_ch_free((void **)&prev_log);
}
+
+ /* reset the log struct */
+ loginfo.log_access_logchain = NULL;
+ loginfo.log_audit_logchain = NULL;
+ loginfo.log_auditfail_logchain = NULL;
+ loginfo.log_error_logchain = NULL;
}
#define ERRORSLOG 1
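Review bot: The four chain pointers are cleared in one block at the end of log__delete_rotated_logs(), away from the loops that free them; only the tail of one loop is visible in this hunk. Setting each loginfo.log_*_logchain to NULL directly after the loop that frees that chain would keep the free and the reset together, so a later edit to one loop cannot leave its head pointer dangling. It is also worth confirming that all four chains named here are in fact freed above.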
--
[389-ds-base] branch 389-ds-base-1.4.0 updated: Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
tbordaz pushed a commit to branch 389-ds-base-1.4.0
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.0 by this push:
new 9fd5623 Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
9fd5623 is described below
commit 9fd5623f07a63467843e39e9193b2037c302b75f
Author: Thierry Bordaz <tbordaz(a)redhat.com>
AuthorDate: Mon Jan 20 10:41:08 2020 +0100
Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
Description of the problem:
Original fix was incorrect as it set again in pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP)
the same structure. As old structure is freed during the slapi_pblock_set,
pblock refers to a freed structure.
Later, other threads using the same aclpb contain will use it after free
(see https://pagure.io/389-ds-base/issue/50709#comment-621129)
Description of the fix:
Only sets in pblock a newly allocated structure
https://pagure.io/389-ds-base/issue/50709
Reviewed by: Mark Reynolds (Thanks !)
---
ldap/servers/plugins/acl/acllas.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index dd41d41..a5602e1 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -305,7 +305,10 @@ DS_LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_in
slapi_log_err(SLAPI_LOG_ACL, plugin_name, "DS_LASIpGetter - "
"Returning client ip address 'unknown'\n");
}
- slapi_pblock_set(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR_ACLIP, client_praddr);
+ if (client_praddr != pb_client_praddr) {
+ /* Set it in pblock only if it is newly allocated */
+ slapi_pblock_set(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR_ACLIP, client_praddr);
+ }
return LAS_EVAL_TRUE;
}
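Review bot: The new guard relies on an ownership rule that the code comment does not state. Per the commit message, slapi_pblock_set() frees the structure previously stored under SLAPI_CONN_CLIENTNETADDR_ACLIP, so storing pb_client_praddr again would leave the pblock pointing at freed memory. The comment "Set it in pblock only if it is newly allocated" should carry that reason, since without it the pointer comparison reads like a micro-optimisation that could be dropped.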
--
[389-ds-base] branch 389-ds-base-1.4.1 updated: Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.1
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.1 by this push:
new 16f7b52 Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
16f7b52 is described below
commit 16f7b525e69dcf0ced273c2782ba9b00c28372cb
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Jan 17 15:42:00 2020 -0500
Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
Description: When Disk Monitoring finds that disk space is too low it starts
freeing up disk space by removing rotated logs. However the log
list struct was not properly reset after freeing all the files
in the list. This is what allowed the heap-use-after-free to
occur.
relates: https://pagure.io/389-ds-base/issue/50829
Reviewed by: firstyear(Thanks!)
---
ldap/servers/slapd/log.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index bfcf574..b16e56b 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -3243,6 +3243,12 @@ log__delete_rotated_logs()
logp = logp->l_next;
slapi_ch_free((void **)&prev_log);
}
+
+ /* reset the log struct */
+ loginfo.log_access_logchain = NULL;
+ loginfo.log_audit_logchain = NULL;
+ loginfo.log_auditfail_logchain = NULL;
+ loginfo.log_error_logchain = NULL;
}
#define ERRORSLOG 1
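Review bot: The added comment "reset the log struct" does not say why the reset is needed. The commit message has the real reason: every node in the chains has just been freed, so the head pointers would otherwise dangle and be followed later. A line to that effect in the comment would stop someone removing these assignments as redundant cleanup.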
--
[389-ds-base] branch 389-ds-base-1.4.1 updated: Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
tbordaz pushed a commit to branch 389-ds-base-1.4.1
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.1 by this push:
new 1d748c5 Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
1d748c5 is described below
commit 1d748c5541696ee09b660106693de048a00b2c31
Author: Thierry Bordaz <tbordaz(a)redhat.com>
AuthorDate: Mon Jan 20 10:41:08 2020 +0100
Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
Description of the problem:
Original fix was incorrect as it set again in pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP)
the same structure. As old structure is freed during the slapi_pblock_set,
pblock refers to a freed structure.
Later, other threads using the same aclpb contain will use it after free
(see https://pagure.io/389-ds-base/issue/50709#comment-621129)
Description of the fix:
Only sets in pblock a newly allocated structure
https://pagure.io/389-ds-base/issue/50709
Reviewed by: Mark Reynolds (Thanks !)
---
ldap/servers/plugins/acl/acllas.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index dd41d41..a5602e1 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -305,7 +305,10 @@ DS_LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_in
slapi_log_err(SLAPI_LOG_ACL, plugin_name, "DS_LASIpGetter - "
"Returning client ip address 'unknown'\n");
}
- slapi_pblock_set(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR_ACLIP, client_praddr);
+ if (client_praddr != pb_client_praddr) {
+ /* Set it in pblock only if it is newly allocated */
+ slapi_pblock_set(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR_ACLIP, client_praddr);
+ }
return LAS_EVAL_TRUE;
}
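Review bot: The diffstat shows only acllas.c changing, so this follow-up to an incorrect earlier fix lands without a test. Since the failure is a use-after-free on the stored client address, a regression test that drives DS_LASIpGetter repeatedly under ASan or Valgrind would show that the guard on client_praddr != pb_client_praddr holds, and would catch a further regression in this path.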
--
[389-ds-base] branch 389-ds-base-1.4.2 updated: Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.2
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push:
new d4702b5 Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
d4702b5 is described below
commit d4702b5c3af36a0ab33eab8ffb3f4a31a63fd765
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Jan 17 15:42:00 2020 -0500
Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free
Description: When Disk Monitoring finds that disk space is too low it starts
freeing up disk space by removing rotated logs. However the log
list struct was not properly reset after freeing all the files
in the list. This is what allowed the heap-use-after-free to
occur.
relates: https://pagure.io/389-ds-base/issue/50829
Reviewed by: firstyear(Thanks!)
---
ldap/servers/slapd/log.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index bfcf574..b16e56b 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -3243,6 +3243,12 @@ log__delete_rotated_logs()
logp = logp->l_next;
slapi_ch_free((void **)&prev_log);
}
+
+ /* reset the log struct */
+ loginfo.log_access_logchain = NULL;
+ loginfo.log_audit_logchain = NULL;
+ loginfo.log_auditfail_logchain = NULL;
+ loginfo.log_error_logchain = NULL;
}
#define ERRORSLOG 1
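Review bot: No lock is taken around the four added assignments in the visible lines, and loginfo is accessed here as a global. If log__delete_rotated_logs() can run while another thread walks one of these chains, clearing the heads after the frees still leaves a window in which a freed node is reachable. Please confirm that the caller holds the relevant log locks for the whole free-and-reset sequence, and say so in the function comment.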
--
[389-ds-base] branch 389-ds-base-1.4.2 updated: Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
tbordaz pushed a commit to branch 389-ds-base-1.4.2
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.2 by this push:
new b05c86d Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
b05c86d is described below
commit b05c86ddf2248c8f41c669d138340de53b31a501
Author: Thierry Bordaz <tbordaz(a)redhat.com>
AuthorDate: Mon Jan 20 10:41:08 2020 +0100
Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10
Description of the problem:
Original fix was incorrect as it set again in pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP)
the same structure. As old structure is freed during the slapi_pblock_set,
pblock refers to a freed structure.
Later, other threads using the same aclpb contain will use it after free
(see https://pagure.io/389-ds-base/issue/50709#comment-621129)
Description of the fix:
Only sets in pblock a newly allocated structure
https://pagure.io/389-ds-base/issue/50709
Reviewed by: Mark Reynolds (Thanks !)
---
ldap/servers/plugins/acl/acllas.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index dd41d41..a5602e1 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -305,7 +305,10 @@ DS_LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_in
slapi_log_err(SLAPI_LOG_ACL, plugin_name, "DS_LASIpGetter - "
"Returning client ip address 'unknown'\n");
}
- slapi_pblock_set(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR_ACLIP, client_praddr);
+ if (client_praddr != pb_client_praddr) {
+ /* Set it in pblock only if it is newly allocated */
+ slapi_pblock_set(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR_ACLIP, client_praddr);
+ }
return LAS_EVAL_TRUE;
}
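Review bot: The comparison and the slapi_pblock_set() call in the added block are not visibly serialized, while the commit message says other threads use the same aclpb. If two threads can reach this point with a newly allocated client_praddr each, the second set frees the structure the first one stored while it may still be in use. Please confirm what serializes access to aclpb->aclpb_pblock here, or take the appropriate lock around the check and the set.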
--
[389-ds-base] branch 389-ds-base-1.3.10 updated: Issue 50599 - Fix memory leak when removing db region files
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.10
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.3.10 by this push:
new 89422c6 Issue 50599 - Fix memory leak when removing db region files
89422c6 is described below
commit 89422c6b3757702c3d4a68dc75a59029d0d4d9d2
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Jan 17 10:53:03 2020 -0500
Issue 50599 - Fix memory leak when removing db region files
Description: An unnecessary flag was set in glob() that was resulting
in a memory leak in the DS code. Removing this flag
eliminated the leak.
relates: https://pagure.io/389-ds-base/issue/50599
Reviewed by: tbordaz(Thanks!)
---
ldap/servers/slapd/back-ldbm/dblayer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
index f679bb1..ea6d956 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -1371,7 +1371,7 @@ dblayer_start(struct ldbminfo *li, int dbmode)
/* Better wipe out the region files to help ensure a clean start */
PR_snprintf(file_pattern, MAXPATHLEN, "%s/%s", region_dir, "__db.*");
- if (glob(file_pattern, GLOB_DOOFFS, NULL, &globbuf) == 0) {
+ if (glob(file_pattern, 0, NULL, &globbuf) == 0) {
for (size_t i = 0; i < globbuf.gl_pathc; i++) {
remove(globbuf.gl_pathv[i]);
}
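Review bot: The hunk ends before any globfree(&globbuf), so the leak fix cannot be confirmed from these lines alone. With GLOB_DOOFFS gone, gl_offs no longer matters, but glob() may still leave partial results in globbuf on a non-zero return such as GLOB_NOSPACE or GLOB_ABORTED; please make sure globfree() is reached on that path too, not only inside the == 0 branch. Separately, the result of remove() in the loop is ignored, so a region file that cannot be deleted passes silently despite the comment about ensuring a clean start.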
--