Hi Stephen,

Well, I suppose it could be argued this is not RC, but it also looks like a
straightforward target for an NMU, so I'll opt for the latter.

My NMU diff is attached; I'm only applying the first part of Dean's patch,
fixing the fd leak, and not the second part trying to address thread safety
given that it's not a complete fix for the thread-safety issues.

NMU will be uploaded to incoming shortly.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
diff -u libnss-ldap-251/ldap-nss.c libnss-ldap-251/ldap-nss.c
--- libnss-ldap-251/ldap-nss.c
+++ libnss-ldap-251/ldap-nss.c
@@ -849,23 +849,29 @@
       NSS_LDAP_SOCKLEN_T peernamelen = sizeof (peername);
 
       if (getsockname (*sd, (struct sockaddr *) &sockname, &socknamelen) != 0 ||
-          getpeername (*sd, (struct sockaddr *) &peername, &peernamelen) != 0)
+          !do_sockaddr_isequal (&__session.ls_sockname, socknamelen,
+                                &sockname, socknamelen))
 	{
 	  isOurSocket = 0;
 	}
+      /*
+       * XXX: We don't pay any attention to return codes in places such as
+       * do_search_s so we never observe when the other end has disconnected
+       * our socket.  In that case we'll get an ENOTCONN error here... and
+       * it's best we ignore the error -- otherwise we'll leak a filedescriptor.
+       * The correct fix would be to test error codes in many places.
+       */
+      else if (getpeername (*sd, (struct sockaddr *) &peername, &peernamelen) != 0)
+	{
+	  if (errno != ENOTCONN)
+	    isOurSocket = 0;
+	}
       else
 	{
-	  isOurSocket = do_sockaddr_isequal (&__session.ls_sockname,
-					     socknamelen,
-					     &sockname,
-					     socknamelen);
-	  if (isOurSocket)
-	    {
-	      isOurSocket = do_sockaddr_isequal (&__session.ls_peername,
-					         peernamelen,
-					         &peername,
-					         peernamelen);
-	    }
+	  isOurSocket = do_sockaddr_isequal (&__session.ls_peername,
+					     peernamelen,
+					     &peername,
+					     peernamelen);
 	}
     }
 #endif /* HAVE_LDAPSSL_CLIENT_INIT */
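
Review bot: in the new `else if (getpeername ...)` branch, the ENOTCONN case leaves `isOurSocket` at whatever value it held before this block, and that initialisation is outside the hunk. Set it explicitly in both arms of the `errno` test so the decision to close the descriptor does not depend on code the reader cannot see here. In that path the peer comparison is skipped, so ownership rests on the `ls_sockname` match alone; the XXX comment should say that as well. The hunk also starts using `errno` and `ENOTCONN` without adding an include, so confirm `<errno.h>` is already pulled in by ldap-nss.c.
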
diff -u libnss-ldap-251/debian/changelog libnss-ldap-251/debian/changelog
--- libnss-ldap-251/debian/changelog
+++ libnss-ldap-251/debian/changelog
@@ -1,3 +1,14 @@
+libnss-ldap (251-7.5) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * High-urgency upload for RC bugfix.
+  * Fix a file descriptor leak on server socket shutdown, which can cause a
+    long-lived process (particularly nscd) to quickly run out of file
+    descriptors.  Thanks to Dean Gaudet <[EMAIL PROTECTED]> for the patch.
+    Closes: #401758.
+
+ -- Steve Langasek <[EMAIL PROTECTED]>  Sun, 25 Mar 2007 04:02:15 -0700
+
 libnss-ldap (251-7.4) unstable; urgency=low
 
   * Non-maintainer upload to fix forgotten issues in the previous NMU.
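
Review bot: the 251-7.5 entry does not record that only the fd-leak half of Dean Gaudet's patch is applied; the cover message says the thread-safety part is left out because it is not a complete fix. Add a bullet stating that, so readers of #401758 do not assume the thread-safety issue is addressed by this upload. The `High-urgency upload for RC bugfix` line also sits oddly beside the cover message's remark that the bug arguably is not RC; word it to match the severity the bug actually carries.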
