autofs-5.0.8 - extend libldap serialization
From: Leonardo Chiquitto
It's necessary to serialize calls to ldap_unbind() as well as the initial bind.
---
 CHANGELOG | 1 +
 modules/lookup_ldap.c | 20 ++++++++++++++++----
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 6ff7c9b..da83d17 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -14,6 +14,7 @@
 - fix rpc_getport() when libtirpc is disabled.
 - fix rpc_getrpcbport() when libtirpc is disabled.
 - don't reset errno.
+- extend fix for crash due to thread unsafe use of libldap.
 17/10/2013 autofs-5.0.8
 =======================
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
index 04b1da7..fd96d1d 100644
--- a/modules/lookup_ldap.c
+++ b/modules/lookup_ldap.c
@@ -53,8 +53,9 @@ static struct ldap_schema common_schema[] = {
 static unsigned int common_schema_count = sizeof(common_schema)/sizeof(struct ldap_schema);
 /*
- * Initialization of LDAP and OpenSSL must be always serialized to
- * avoid corruption of context structures inside these libraries.
+ * Initialization and de-initialization of LDAP and OpenSSL must be
+ * always serialized to avoid corruption of context structures inside
+ * these libraries.
 */
 pthread_mutex_t ldapinit_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -203,7 +204,7 @@ int bind_ldap_simple(unsigned logopt, LDAP *ldap, const char *uri, struct lookup
 return 0;
 }
-int unbind_ldap_connection(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
+int __unbind_ldap_connection(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
 {
 int rv;
@@ -220,6 +221,17 @@ int unbind_ldap_connection(unsigned logopt, LDAP *ldap, struct lookup_context *c
 return rv;
 }
+int unbind_ldap_connection(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
+{
+ int rv;
+
+ ldapinit_mutex_lock();
+ rv = __unbind_ldap_connection(logopt, ldap, ctxt);
+ ldapinit_mutex_unlock();
+
+ return rv;
+}
+
 LDAP *__init_ldap_connection(unsigned logopt, const char *uri, struct lookup_context *ctxt)
 {
 LDAP *ldap = NULL;
@@ -280,7 +292,7 @@ LDAP *__init_ldap_connection(unsigned logopt, const char *uri, struct lookup_con
 rv = ldap_start_tls_s(ldap, NULL, NULL);
 if (rv != LDAP_SUCCESS) {
- unbind_ldap_connection(logopt, ldap, ctxt);
+ __unbind_ldap_connection(logopt, ldap, ctxt);
 if (ctxt->tls_required) {
 error(logopt, MODPREFIX "TLS required but START_TLS failed: %s",
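Review bot: The locking contract between the two unbind functions is not written down anywhere in the new code of the `@@ -220` hunk: `unbind_ldap_connection()` now brackets the call with `ldapinit_mutex_lock()`/`ldapinit_mutex_unlock()` (presumably operating on `ldapinit_mutex`; the helpers are not shown), while `__unbind_ldap_connection()`, renamed in the `@@ -203` hunk with its body partly outside the hunks, has to be entered with the mutex already held. The mutex is statically initialised with `PTHREAD_MUTEX_INITIALIZER`, so it is a default, non-recursive mutex: a path that holds it and calls the locking wrapper would block on itself, and a path that calls the `__` variant without it brings back the unserialized libldap teardown this commit is meant to remove. I would add `/* Caller must hold ldapinit_mutex. */` above `__unbind_ldap_connection()` and `/* Takes ldapinit_mutex; must not be called with it held. */` above the wrapper. If no other file needs the `__` variant (not visible here), declaring it `static` would keep the unlocked entry point from being called elsewhere by mistake.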
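Review bot: Calling `__unbind_ldap_connection()` on the START_TLS failure path in the `@@ -280` hunk is only safe if every caller of `__init_ldap_connection()` already holds `ldapinit_mutex`, and the hunk does not show that; a one-line comment at the call, `/* ldapinit_mutex is held by our caller, use the unlocked variant */`, would record the assumption. Since `unbind_ldap_connection()` now takes the mutex, any other cleanup call made while the mutex is held that still uses the locking name would block on itself after this commit, so the remaining error paths of `__init_ldap_connection()` and the helpers it calls should be checked too. Those paths, and the start and end of the function, are outside the hunk.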