Description of problem:

This bug blocks the autofs BZ #559430 (IT #366017). Please see that bug/IT for details about the test case, reproducer, etc.

cyrus-sasl has source code which disposes of a SASL connection's information. In the following source code, "pconn" is that information. Because "pconn" is used by multiple threads, under certain conditions sasl_dispose returns without unlocking the mutex.

--cyrus-sasl-2.1.22/lib/common.c(Original source)

/* dispose connection state, sets it to NULL
 * checks for pointer to NULL
 */
void sasl_dispose(sasl_conn_t **pconn)
{
    int result;

    if (! pconn) return;
    if (! *pconn) return;                     <---#1

    /* serialize disposes. this is necessary because we can't
       dispose of conn->mutex if someone else is locked on it */
    result = sasl_MUTEX_LOCK(free_mutex);     <---#2
    if (result!=SASL_OK) return;

    /* *pconn might have become NULL by now */
    if (! (*pconn)) return;                   <---#3

    (*pconn)->destroy_conn(*pconn);
    sasl_FREE(*pconn);
    *pconn=NULL;

    sasl_MUTEX_UNLOCK(free_mutex);
}

In the above source, there is a case in which the mutex's lock isn't released. Because part #1 is the same as part #3, a process doesn't usually return at part #3. However, the process returns at part #3 just when "*pconn" is changed to NULL by another thread at part #2. If the process returns at part #3, the mutex's lock isn't released.

We fixed the code so that the mutex's lock is released even if the process returns at part #3.

----- /* *pconn might have become NULL by now */ - if (! (*pconn)) return; + if (! (*pconn)) + { + sasl_MUTEX_UNLOCK(free_mutex); + return; + } (*pconn)->destroy_conn(*pconn); sasl_FREE(*pconn); ------

Version-Release number of selected component (if applicable):
cyrus-sasl-2.1.22-5.el5

How reproducible:
When autofs is under high load.
Steps to Reproduce:
See BZ #559430

Actual results:
The automount aborts when it authenticates by DIGEST-MD5.

Expected results:
Automount should not abort.

Additional info:
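Review bot: in the added "if (! (*pconn))" branch, sasl_MUTEX_UNLOCK(free_mutex) becomes a second unlock site, so the function still relies on every return taken after the lock remembering to release it. Inverting the test, so that destroy_conn, sasl_FREE and *pconn=NULL run only when *pconn is non-NULL and control always falls through to the one sasl_MUTEX_UNLOCK(free_mutex) at the end, would leave a single exit path while the lock is held. The existing comment "*pconn might have become NULL by now" could also say that another thread can clear it while this one waits for free_mutex, which is why the check from before the lock is repeated.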
Created attachment 387961: proposed patch
Setting priority to high as I believe this is a high impact customer issue.
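The interleaving described in the report, reproduced deterministically as an added example (not cyrus-sasl code and not part of the original report). It assumes a counting lock and a bare struct in place of free_mutex and sasl_conn_t, and the hypothetical mutex_lock hook plays the second thread that clears *pconn while the caller waits at #2.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins, not cyrus-sasl code: counting lock and bare struct. */
typedef struct conn { int unused; } conn_t;
static int lock_depth;        /* acquisitions of the lock not yet released */
static conn_t **racing_slot;  /* pointer the simulated second thread clears */

/* Simulates blocking at #2: another thread disposes first and NULLs the pointer. */
static int mutex_lock(void) {
    if (racing_slot && *racing_slot) { free(*racing_slot); *racing_slot = NULL; }
    lock_depth++;
    return 0;
}
static void mutex_unlock(void) { lock_depth--; }

/* Control flow of the original sasl_dispose. */
void dispose_original(conn_t **pconn) {
    if (!pconn || !*pconn) return;   /* #1 */
    if (mutex_lock() != 0) return;   /* #2 */
    if (!*pconn) return;             /* #3: returns with the lock held */
    free(*pconn); *pconn = NULL;
    mutex_unlock();
}

/* Control flow with the proposed patch applied. */
void dispose_patched(conn_t **pconn) {
    if (!pconn || !*pconn) return;
    if (mutex_lock() != 0) return;
    if (!*pconn) { mutex_unlock(); return; }   /* #3: unlock, then return */
    free(*pconn); *pconn = NULL;
    mutex_unlock();
}

/* Runs one dispose, with or without the race; returns unreleased acquisitions. */
int leaked_locks(void (*dispose)(conn_t **), int race) {
    conn_t *c = malloc(sizeof *c);
    lock_depth = 0;
    racing_slot = race ? &c : NULL;
    dispose(&c);
    racing_slot = NULL;
    return lock_depth;
}

int main(void) {
    printf("original: %d\n", leaked_locks(dispose_original, 1));
    printf("patched:  %d\n", leaked_locks(dispose_patched, 1));
    return 0;
}
```

A non-zero result means the next caller of the dispose routine would block on the lock indefinitely.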