| commit | 81130d3ede825f5e9fd3a6e509910211a3844608 | |
| author | Amitay Isaacs <amitay@gmail.com> | |
| Mon, 6 Feb 2017 04:54:55 +0000 (6 15:54 +1100) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Fri, 17 Feb 2017 11:26:21 +0000 (17 12:26 +0100) | ||
| tree | f05b9341366f3308703a481e697adb3f2e997e4d | treesnapshot (tar.gz zip) |
| parent | f289980e5531372dd63ec483e265e48efb8cf207 | commitdiff |
ctdb-common: Fix use-after-free error in comm_fd_handler()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12580
comm_write_send() creates a new tevent_req and adds it to the queue
of requests to be processed. If this tevent_req is freed, then the
queue entry is not removed causing use-after-free error.
If the tevent_req returned by comm_write_send() is freed, then that
request should be removed from the queue and any pending actions based
on that request should also be removed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 9db7785fc6ffbaad434ee189c0f46c488358aab5)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12580
comm_write_send() creates a new tevent_req and adds it to the queue
of requests to be processed. If this tevent_req is freed, then the
queue entry is not removed causing use-after-free error.
If the tevent_req returned by comm_write_send() is freed, then that
request should be removed from the queue and any pending actions based
on that request should also be removed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 9db7785fc6ffbaad434ee189c0f46c488358aab5)
| ctdb/common/comm.c | diffblobblamehistory |