[PATCH] Issue 4711 - SIGSEV with sync_repl (#4738)

Bug description:
	sync_repl sends back entries identified with a unique
	identifier that is 'nsuniqueid'. If 'nsuniqueid' is
	missing, then it may crash

Fix description:
	Check a nsuniqueid is available else returns OP_ERR

relates: https://github.com/389ds/389-ds-base/issues/4711

Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!)

Platforms tested:  F33

Gbp-Pq: Name CVE-2021-3514.patch

diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
index 73f003921638577403f80ca8a04e055649d2480f..1e036a7edd46c721ec245ea4e2f94c2d58db95cf 100644 (file)
--- a/ldap/servers/plugins/sync/sync_util.c
+++ b/ldap/servers/plugins/sync/sync_util.c
@@ -126,8 +126,8 @@ sync_create_state_control(Slapi_Entry *e, LDAPControl **ctrlp, int type, Sync_Co
     BerElement *ber;
     struct berval *bvp;
     char *uuid;
-    Slapi_Attr *attr;
-    Slapi_Value *val;
+    Slapi_Attr *attr = NULL;
+    Slapi_Value *val = NULL;
 
     if (type == LDAP_SYNC_NONE || ctrlp == NULL || (ber = der_alloc()) == NULL) {
         return (LDAP_OPERATIONS_ERROR);
@@ -137,6 +137,14 @@ sync_create_state_control(Slapi_Entry *e, LDAPControl **ctrlp, int type, Sync_Co
 
     slapi_entry_attr_find(e, SLAPI_ATTR_UNIQUEID, &attr);
     slapi_attr_first_value(attr, &val);
+    if ((attr == NULL) || (val == NULL)) {
+        /* It may happen with entries in special backends
+         * such like cn=config, cn=shema, cn=monitor...
+         */
+        slapi_log_err(SLAPI_LOG_ERR, SYNC_PLUGIN_SUBSYSTEM,
+                     "sync_create_state_control - Entries are missing nsuniqueid. Unable to proceed.\n");
+        return (LDAP_OPERATIONS_ERROR);
+    }
     uuid = sync_nsuniqueid2uuid(slapi_value_get_string(val));
     if ((rc = ber_printf(ber, "{eo", type, uuid, 16)) != -1) {
         if (cookie) {