[SCM] CTDB repository - branch master updated - 15bc66ae801b0c69a65a7a2acf5df151e76edc2a

Ronnie Sahlberg sahlberg at samba.org
Fri Jul 11 00:43:28 GMT 2008 

The branch, master has been updated
       via  15bc66ae801b0c69a65a7a2acf5df151e76edc2a (commit)
      from  f4a6dd98c86f2028c00b62313a071a94cafc95f9 (commit)

http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 15bc66ae801b0c69a65a7a2acf5df151e76edc2a
Author: Ronnie Sahlberg <ronniesahlberg at gmail.com>
Date:   Fri Jul 11 10:33:46 2008 +1000

    Fix a very subtle race where we could get a double free of a talloced
    memory if ctdb_run_eventscript() would be called
    during processing of ctdb_event_script_timeout() for
    user unvoked eventscripts. (eventsccripts invoked by "ctdb eventscript ...")
    
    Signed-off-by: Ronnie Sahlberg <ronniesahlberg at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 server/eventscript.c |   13 +++++++++----
 1 files changed, 9 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/server/eventscript.c b/server/eventscript.c
index 1d42b2b..3168122 100644
--- a/server/eventscript.c
+++ b/server/eventscript.c
@@ -252,10 +252,15 @@ static void ctdb_event_script_timeout(struct event_context *ev, struct timed_eve
 	void (*callback)(struct ctdb_context *, int, void *) = state->callback;
 	void *private_data = state->private_data;
 	struct ctdb_context *ctdb = state->ctdb;
+	char *options;
 
 	DEBUG(DEBUG_ERR,("Event script timed out : %s count : %u\n", state->options, ctdb->event_script_timeouts));
 
-	if (!strcmp(state->options, "monitor")) {
+	options = talloc_strdup(ctdb, state->options);
+	CTDB_NO_MEMORY_VOID(ctdb, options);
+
+	talloc_free(state);
+	if (!strcmp(options, "monitor")) {
 		/* if it is a monitor event, we allow it to "hang" a few times
 		   before we declare it a failure and ban ourself (and make
 		   ourself unhealthy)
@@ -271,7 +276,7 @@ static void ctdb_event_script_timeout(struct event_context *ev, struct timed_eve
 		} else {
 		  	callback(ctdb, 0, private_data);
 		}
-	} else if (!strcmp(state->options, "startup")) {
+	} else if (!strcmp(options, "startup")) {
 		DEBUG(DEBUG_ERR, (__location__ " eventscript for startup event timedout.\n"));
 		callback(ctdb, -1, private_data);
 	} else {
@@ -281,7 +286,7 @@ static void ctdb_event_script_timeout(struct event_context *ev, struct timed_eve
 		callback(ctdb, -1, private_data);
 	}
 
-	talloc_free(state);
+	talloc_free(options);
 }
 
 /*
@@ -480,7 +485,7 @@ int32_t ctdb_run_eventscripts(struct ctdb_context *ctdb,
 	state = talloc(ctdb->eventscripts_ctx, struct eventscript_callback_state);
 	CTDB_NO_MEMORY(ctdb, state);
 
-	state->c = talloc_steal(ctdb, c);
+	state->c = talloc_steal(state, c);
 
 	DEBUG(DEBUG_NOTICE,("Forced running of eventscripts with arguments %s\n", indata.dptr));
 


-- 
CTDB repository

More information about the samba-cvs mailing list