From 5cc13c70dfe22d95686bec9214c53f1b4114cd90 Mon Sep 17 00:00:00 2001 From: James Chapman Date: Fri, 1 Aug 2025 13:27:02 +0100 Subject: [PATCH] Issue 6768 - ns-slapd crashes when a referral is added (#6780) Bug description: When a paged result search is successfully run on a referred suffix, we retrieve the search result set from the pblock and try to release it. In this case the search result set is NULL, which triggers a SEGV during the release. Fix description: If the search result code is LDAP_REFERRAL, skip deletion of the search result set. Added test case. Fixes: https://github.com/389ds/389-ds-base/issues/6768 Reviewed by: @tbordaz, @progier389 (Thank you) --- .../paged_results/paged_results_test.py | 46 +++++++++++++++++++ ldap/servers/slapd/opshared.c | 4 +- 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/dirsrvtests/tests/suites/paged_results/paged_results_test.py b/dirsrvtests/tests/suites/paged_results/paged_results_test.py index fca48db0f..1bb94b53a 100644 --- a/dirsrvtests/tests/suites/paged_results/paged_results_test.py +++ b/dirsrvtests/tests/suites/paged_results/paged_results_test.py @@ -1271,6 +1271,52 @@ def test_search_stress_abandon(create_40k_users, create_user): paged_search(conn, create_40k_users.suffix, [req_ctrl], search_flt, searchreq_attrlist, abandon_rate=abandon_rate) +def test_search_referral(topology_st): + """Test a paged search on a referred suffix doesnt crash the server. + + :id: c788bdbf-965b-4f12-ac24-d4d695e2cce2 + + :setup: Standalone instance + + :steps: + 1. Configure a default referral. + 2. Create a paged result search control. + 3. Paged result search on referral suffix (doesnt exist on the instance, triggering a referral). + 4. Check the server is still running. + 5. Remove referral. + + :expectedresults: + 1. Referral sucessfully set. + 2. Control created. + 3. Search returns ldap.REFERRAL (10). + 4. Server still running. + 5. Referral removed. + """ + + page_size = 5 + SEARCH_SUFFIX = "dc=referme,dc=com" + REFERRAL = "ldap://localhost.localdomain:389/o%3dnetscaperoot" + + log.info('Configuring referral') + topology_st.standalone.config.set('nsslapd-referral', REFERRAL) + referral = topology_st.standalone.config.get_attr_val_utf8('nsslapd-referral') + assert (referral == REFERRAL) + + log.info('Create paged result search control') + req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='') + + log.info('Perform a paged result search on referred suffix, no chase') + with pytest.raises(ldap.REFERRAL): + topology_st.standalone.search_ext_s(SEARCH_SUFFIX, ldap.SCOPE_SUBTREE, serverctrls=[req_ctrl]) + + log.info('Confirm instance is still running') + assert (topology_st.standalone.status()) + + log.info('Remove referral') + topology_st.standalone.config.remove_all('nsslapd-referral') + referral = topology_st.standalone.config.get_attr_val_utf8('nsslapd-referral') + assert (referral == None) + if __name__ == '__main__': # Run isolated # -s for DEBUG mode diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c index 14a7dcdfb..03ed60981 100644 --- a/ldap/servers/slapd/opshared.c +++ b/ldap/servers/slapd/opshared.c @@ -879,7 +879,9 @@ op_shared_search(Slapi_PBlock *pb, int send_result) /* Free the results if not "no_such_object" */ void *sr = NULL; slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); - be->be_search_results_release(&sr); + if (be->be_search_results_release != NULL) { + be->be_search_results_release(&sr); + } } pagedresults_set_search_result(pb_conn, operation, NULL, 1, pr_idx); rc = pagedresults_set_current_be(pb_conn, NULL, pr_idx, 1); -- 2.49.0