| commit | 87a42e6c10ab4e31ecbf16d16cadd32e252f305c | |
| author | Martin Schwenke <martin@meltin.net> | |
| Tue, 30 Aug 2016 22:29:13 +0000 (31 08:29 +1000) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Tue, 13 Sep 2016 14:04:05 +0000 (13 16:04 +0200) | ||
| tree | 0534eedc9f7990a93f785aec053d43f509e6a10f | treesnapshot (tar.gz zip) |
| parent | f91cc13ab7a9a4115604260167c404ea262f685f | commitdiff |
ctdb-daemon: Don't steal control structure before synchronous reply
If *async_reply isn't set then the calling code will reply to the
control and free the control structure. In some places the control
structure pointer is stolen onto state before a synchronous exit due
to an error condition. The error handling then frees state and
returns an error. The calling code will access-after-free when trying
to reply to the control.
To make this easier to understand, the convention is that any
(immediate) error results in a synchronous reply to the control via an
error return code AND *async_reply not being set. In this case the
control structure pointer should never be stolen onto state. State is
never used for a synchronous reply, it is only ever used by a
callback.
Also initialise state->c to NULL so that any premature call to a
callback (e.g. in an immediate error path) is more obvious.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 9d975b860d52030a702723c70791c6a2829107c0)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Sep 13 16:04:10 CEST 2016 on sn-devel-144
If *async_reply isn't set then the calling code will reply to the
control and free the control structure. In some places the control
structure pointer is stolen onto state before a synchronous exit due
to an error condition. The error handling then frees state and
returns an error. The calling code will access-after-free when trying
to reply to the control.
To make this easier to understand, the convention is that any
(immediate) error results in a synchronous reply to the control via an
error return code AND *async_reply not being set. In this case the
control structure pointer should never be stolen onto state. State is
never used for a synchronous reply, it is only ever used by a
callback.
Also initialise state->c to NULL so that any premature call to a
callback (e.g. in an immediate error path) is more obvious.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 9d975b860d52030a702723c70791c6a2829107c0)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Sep 13 16:04:10 CEST 2016 on sn-devel-144
| ctdb/server/ctdb_takeover.c | diffblobblamehistory | |
| ctdb/server/eventscript.c | diffblobblamehistory |