[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Fri Apr 2 02:46:10 MDT 2010


The branch, master has been updated
       via  7d692f9... s4-rpc: fixed a talloc loop in continue_ntlmssp_connection()
      from  53dec15... s3: Fix a comment

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7d692f970a43e3d357549b02f905fa08d27ae8c8
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Apr 2 19:08:24 2010 +1100

    s4-rpc: fixed a talloc loop in continue_ntlmssp_connection()
    
    We were creating a memory loop which caused havoc when the connection
    was torn down.

-----------------------------------------------------------------------

Summary of changes:
 source4/librpc/rpc/dcerpc_util.c |   24 ++++++++++++++++++++++++
 1 files changed, 24 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 8fd17bd..b71e306 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -422,6 +422,7 @@ static void continue_ntlmssp_connection(struct composite_context *ctx)
 	struct pipe_auth_state *s;
 	struct composite_context *auth_req;
 	struct dcerpc_pipe *p2;
+	void *pp;
 
 	c = talloc_get_type(ctx->async.private_data, struct composite_context);
 	s = talloc_get_type(c->private_data, struct pipe_auth_state);
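Review bot: the new local `void *pp;` in the declaration block of continue_ntlmssp_connection() is only ever used as a talloc parent context, so `TALLOC_CTX *pp` (or a name such as `parent_ctx`) would say what it is for. With a bare `void *` next to `p2`, a reader has to get to the `talloc_parent()` call further down before the variable makes sense.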
@@ -430,8 +431,31 @@ static void continue_ntlmssp_connection(struct composite_context *ctx)
 	c->status = dcerpc_secondary_connection_recv(ctx, &p2);
 	if (!composite_is_ok(c)) return;
 
+
+	/* this is a rather strange situation. When
+	   we come into the routine, s is a child of s->pipe, and
+	   when we created p2 above, it also became a child of
+	   s->pipe.
+
+	   Now we want p2 to be a parent of s->pipe, and we want s to
+	   be a parent of both of them! If we don't do this very
+	   carefully we end up creating a talloc loop
+	*/
+
+	/* we need the new contexts to hang off the same context
+	   that s->pipe is on, but the only way to get that is
+	   via talloc_parent() */
+	pp = talloc_parent(s->pipe);
+
+	/* promote s to be at the top */
+	talloc_steal(pp, s);
+
+	/* and put p2 under s */
 	talloc_steal(s, p2);
+
+	/* now put s->pipe under p2 */
 	talloc_steal(p2, s->pipe);
+
 	s->pipe = p2;
 
 	/* initiate a authenticated bind */
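Review bot: the result of `pp = talloc_parent(s->pipe);` is used without a check, and the three `talloc_steal()` calls after it are only loop-free in exactly this order. If s->pipe has no talloc parent, pp is NULL and `talloc_steal(pp, s)` makes s a top-level context that nothing owns, so the s -> p2 -> old pipe chain must then be freed explicitly or it leaks. Suggest either handling a NULL pp or extending the comment to say who owns s after the reparenting, and noting in the comment that the steal of s must come first, since with s still under s->pipe the following `talloc_steal(s, p2)` and `talloc_steal(p2, s->pipe)` close the cycle this commit is removing.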


-- 
Samba Shared Repository

