Red Hat Bugzilla – Bug 560532
Race condition in libsasl in multi threaded applications
Last modified: 2013-09-23 07:00:41 EDT
Description of problem:
This bug blocks the autofs BZ #559430 (IT #366017). Please see that bug/IT for details about the test case, reproducer, etc.
cyrus-sasl has source code that disposes of a SASL connection's information. In the following source code, "pconn" is that information.
Because "pconn" is used by multiple threads, under certain conditions sasl_dispose returns without unlocking the mutex.
    /* dispose connection state, sets it to NULL
     * checks for pointer to NULL
     */
    void sasl_dispose(sasl_conn_t **pconn)
    {
      int result;

      if (! pconn) return;
      if (! *pconn) return;   <---#1

      /* serialize disposes. this is necessary because we can't
         dispose of conn->mutex if someone else is locked on it */
      result = sasl_MUTEX_LOCK(free_mutex);   <---#2
      if (result!=SASL_OK) return;

      /* *pconn might have become NULL by now */
      if (! (*pconn)) return;   <---#3
On the above source, there is a case that the mutex's lock isn't
Because the part of #1 is the same as the part of #3, a process doesn't
usually return at the part of #3. However, the process returns at the part of #3 just when "*pconn" is changed to NULL from another thread at the part of #2.
If the process returns at the part of #3, the mutex's lock isn't released.
We fixed the code so that the mutex's lock is released even if the process returns at the part of #3.
/* *pconn might have become NULL by now */
- if (! (*pconn)) return;
+ if (! (*pconn))
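Review bot: the replacement line "if (! (*pconn))" at the end of this hunk is shown without its body, so the release of free_mutex that the description promises for the #3 return is not visible here. The branch should release the mutex taken at #2 and then return, with both statements inside braces so that the return cannot end up outside the condition.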
Version-Release number of selected component (if applicable):
When autofs is under high load.
Steps to Reproduce:
See BZ #559430
The automount aborts when it authenticates by DIGEST-MD5.
Automount should not abort.
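Added example (not part of the original report and not cyrus-sasl code): a small model of the dispose path that forces the interleaving described above and checks whether the mutex is still held afterwards. The names conn_t, dispose, past_check1 and mutex_leaked_after_race are hypothetical, and a pthread mutex stands in for free_mutex and sasl_MUTEX_LOCK.

```c
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>

typedef struct { int unused; } conn_t;   /* stand-in for sasl_conn_t */
static atomic_int past_check1;           /* test hook, not in cyrus-sasl */
struct job { conn_t **pconn; pthread_mutex_t *free_mutex; int fixed; };

/* Same shape as the sasl_dispose() excerpt; fixed != 0 selects the patched #3. */
static void dispose(conn_t **pconn, pthread_mutex_t *free_mutex, int fixed)
{
    if (!pconn || !*pconn) return;                   /* #1: no lock held yet */
    atomic_store(&past_check1, 1);
    if (pthread_mutex_lock(free_mutex) != 0) return; /* #2: may block here */
    if (!*pconn) {                                   /* #3: lost the race */
        if (fixed) pthread_mutex_unlock(free_mutex);
        return;                  /* unpatched path returns with the lock held */
    }
    *pconn = NULL;               /* real code also destroys and frees the conn */
    pthread_mutex_unlock(free_mutex);
}

static void *worker(void *arg)
{
    struct job *j = arg;
    dispose(j->pconn, j->free_mutex, j->fixed);
    return NULL;
}

/* Forces the interleaving from the report; returns 1 if the mutex stays locked. */
int mutex_leaked_after_race(int fixed)
{
    conn_t c = {0}, *conn = &c;              /* constructed sample connection */
    pthread_mutex_t m;
    struct job j = { &conn, &m, fixed };
    pthread_t t;
    int leaked;
    pthread_mutex_init(&m, NULL);
    atomic_store(&past_check1, 0);
    pthread_mutex_lock(&m);                  /* rival thread is mid-dispose */
    pthread_create(&t, NULL, worker, &j);
    while (!atomic_load(&past_check1)) { }   /* wait until worker passed #1 */
    conn = NULL;                             /* rival clears *pconn ... */
    pthread_mutex_unlock(&m);                /* ... and releases the lock */
    pthread_join(t, NULL);
    leaked = (pthread_mutex_trylock(&m) == EBUSY);
    if (!leaked) pthread_mutex_unlock(&m);
    return leaked;
}
```

With fixed set to 0 the worker exits at #3 still owning the mutex, so any later caller of the dispose path would block at #2 indefinitely.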
Created attachment 387961
Setting priority to high as I believe this is a high impact