[Fedora-directory-commits] ldapserver/ldap/servers/plugins/views views.c, 1.9, 1.10

Fri Oct 12 16:53:05 UTC 2007

Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/views
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11904/ldapserver/ldap/servers/plugins/views

Modified Files:
	views.c 
Log Message:
Resolves: bug 288291
Bug Description: add an view object inside a view object that has an improper nsviewfilter crashes the server
Reviewed by: nhosoi (Thanks!)
Fix Description: I could not reproduce the problem by simply adding the bogus nsviewfilter.  The server seemed to run fine, but I didn't stress it.  However, if I restarted the server, the server would core during startup.  The last message in the error log would say something about recovering the database, which is probably why the bug reporter said that it will not recover the database.  The problem doesn't appear to be with views specifically, but with any internal search which uses the search_internal_callback_pb() (as opposed to the non callback internal search) and there are search base rewriters (such as the views code).  The aci code uses this type of search at startup to find the acis, and that's where I saw the crash.  I could crash the server at startup regardless of whether the view filter was bogus or not.  The problem is that we are not passing in the address of new_base to slapi_ch_free.  The fix is to use slapi_ch_free_string and pass in the address of the st!
 ring.  That fixes the crash.
I also cleaned up a few places in the views code which was not checking to see if slapi_str2filter returned NULL, which would happen in the case of the bogus search filter.  I also added an error message which will tell the user that filter X in entry Y is bogus.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no



Index: views.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/views/views.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10

--- views.c	10 Nov 2006 23:45:33 -0000	1.9
+++ views.c	12 Oct 2007 16:53:02 -0000	1.10
@@ -764,6 +764,12 @@
 		buf = slapi_ch_strdup(current->viewfilter);
 
 		pCurrentFilter = slapi_str2filter( buf );
+		if (!pCurrentFilter) {
+			char ebuf[BUFSIZ];
+			slapi_log_error(SLAPI_LOG_FATAL, VIEWS_PLUGIN_SUBSYSTEM,
+							"Error: the view filter [%s] in entry [%s] is not valid\n",
+							buf, escape_string(current->pDn, ebuf));
+		}
 		if(pBuiltFilter && pCurrentFilter)
 			pBuiltFilter = slapi_filter_join_ex( LDAP_FILTER_AND, pBuiltFilter, pCurrentFilter, 0 );
 		else
@@ -935,7 +941,13 @@
 		if(buf)
 		{
 			pCurrentFilter = slapi_str2filter( buf );
-			if(pOrSubFilter)
+			if (!pCurrentFilter) {
+				char ebuf[BUFSIZ];
+				slapi_log_error(SLAPI_LOG_FATAL, VIEWS_PLUGIN_SUBSYSTEM,
+								"Error: the view filter [%s] in entry [%s] is not valid\n",
+								buf, escape_string(currentChild->pDn, ebuf));
+			}
+			if(pOrSubFilter && pCurrentFilter)
 				pOrSubFilter = slapi_filter_join_ex( LDAP_FILTER_OR, pOrSubFilter, pCurrentFilter, 0 );
 			else
 				pOrSubFilter = pCurrentFilter;
@@ -994,8 +1006,14 @@
 		buf = slapi_ch_calloc(1, strlen(viewRDNstr) + 11 ); /* 3 for filter */
 		sprintf(buf, "(%s)", viewRDNstr );
 		viewSubFilter = slapi_str2filter( buf );
-		
-		if(pView->includeChildViewsFilter)
+		if (!viewSubFilter) {
+			char ebuf[BUFSIZ];
+			slapi_log_error(SLAPI_LOG_FATAL, VIEWS_PLUGIN_SUBSYSTEM,
+							"Error: the view filter [%s] in entry [%s] is not valid\n",
+							buf, escape_string(current->pDn, ebuf));
+		}
+
+		if(pView->includeChildViewsFilter && viewSubFilter)
 			pView->includeChildViewsFilter = slapi_filter_join_ex( LDAP_FILTER_OR, pView->includeChildViewsFilter, viewSubFilter, 0 );
 		else
 			pView->includeChildViewsFilter = viewSubFilter;


