Hi Stephen, Well, I suppose it could be argued this is not RC, but it also looks like a straightforward target for an NMU, so I'll opt for the latter.
My NMU diff is attached; I'm only applying the first part of Dean's patch, fixing the fd leak, and not the second part trying to address thread safety given that it's not a complete fix for the thread-safety issues. NMU will be uploaded to incoming shortly. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
diff -u libnss-ldap-251/ldap-nss.c libnss-ldap-251/ldap-nss.c --- libnss-ldap-251/ldap-nss.c +++ libnss-ldap-251/ldap-nss.c @@ -849,23 +849,29 @@ NSS_LDAP_SOCKLEN_T peernamelen = sizeof (peername); if (getsockname (*sd, (struct sockaddr *) &sockname, &socknamelen) != 0 || - getpeername (*sd, (struct sockaddr *) &peername, &peernamelen) != 0) + !do_sockaddr_isequal (&__session.ls_sockname, socknamelen, + &sockname, socknamelen)) { isOurSocket = 0; } + /* + * XXX: We don't pay any attention to return codes in places such as + * do_search_s so we never observe when the other end has disconnected + * our socket. In that case we'll get an ENOTCONN error here... and + * it's best we ignore the error -- otherwise we'll leak a filedescriptor. + * The correct fix would be to test error codes in many places. + */ + else if (getpeername (*sd, (struct sockaddr *) &peername, &peernamelen) != 0) + { + if (errno != ENOTCONN) + isOurSocket = 0; + } else { - isOurSocket = do_sockaddr_isequal (&__session.ls_sockname, - socknamelen, - &sockname, - socknamelen); - if (isOurSocket) - { - isOurSocket = do_sockaddr_isequal (&__session.ls_peername, - peernamelen, - &peername, - peernamelen); - } + isOurSocket = do_sockaddr_isequal (&__session.ls_peername, + peernamelen, + &peername, + peernamelen); } } #endif /* HAVE_LDAPSSL_CLIENT_INIT */ diff -u libnss-ldap-251/debian/changelog libnss-ldap-251/debian/changelog --- libnss-ldap-251/debian/changelog +++ libnss-ldap-251/debian/changelog @@ -1,3 +1,14 @@ +libnss-ldap (251-7.5) unstable; urgency=high + + * Non-maintainer upload. + * High-urgency upload for RC bugfix. + * Fix a file descriptor leak on server socket shutdown, which can cause a + long-lived process (particularly nscd) to quickly run out of file + descriptors. Thanks to Dean Gaudet <[EMAIL PROTECTED]> for the patch. + Closes: #401758. + + -- Steve Langasek <[EMAIL PROTECTED]> Sun, 25 Mar 2007 04:02:15 -0700 + libnss-ldap (251-7.4) unstable; urgency=low * Non-maintainer upload to fix forgotten issues in the previous NMU.