[SCM] Samba Shared Repository - branch master updated

Volker Lendecke vlendec at samba.org
Tue Apr 6 06:09:42 MDT 2010


The branch, master has been updated
       via  96ae3ee... fix a segfault in the notify subsystem
      from  449bdf3... s4-python: Move set_session_info to PySambaLdb.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 96ae3ee80391e69d2a2c75705a9374b27b2117c8
Author: Christian Ambach <christian.ambach at de.ibm.com>
Date:   Mon Apr 5 14:12:52 2010 +0200

    fix a segfault in the notify subsystem
    
    When the notify_array cannot be loaded correctly,
    do not keep the half-baked parsing results in the global variable.
    
    This can lead to segfaults next time notify_load is entered and
    the seqnum has not changed. This has been seen in a case
    where mixed smbd versions were running in a CTDB cluster
    (versions with and w/o commit c216d1e6 that changed the
    notify_entry structure).
    There will be missed notifications until all smbds are at the
    same software level, but this should be acceptable and is better
    than crashing and interrupting client operations.
    
    This fix cleans up the notify_array, removes the unparseable data
    from the TDB and returns a fresh notify_array that can be worked
    with.
    
    The NDR_PRINT_DEBUG had to be moved to only be called when the
    parsing succeeded, it was seen to cause additional segfaults.
    
    The status variable is intentionally left to NT_STATUS_OK to not
    make callers abort and report errors to the clients and make them
    disconnect.
    
    Signed-off-by: Christian Ambach <christian.ambach at de.ibm.com>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/notify_internal.c |   21 ++++++++++++++++-----
 1 files changed, 16 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/notify_internal.c b/source3/smbd/notify_internal.c
index bdd4f50..22801e9 100644
--- a/source3/smbd/notify_internal.c
+++ b/source3/smbd/notify_internal.c
@@ -214,14 +214,25 @@ static NTSTATUS notify_load(struct notify_context *notify, struct db_record *rec
 		ndr_err = ndr_pull_struct_blob(&blob, notify->array, NULL, notify->array,
 					       (ndr_pull_flags_fn_t)ndr_pull_notify_array);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-			status = ndr_map_error2ntstatus(ndr_err);
+			/* 1. log that we got a corrupt notify_array
+			 * 2. clear the variable the garbage was stored into to not trip
+			 *  over it next time this method is entered with the same seqnum
+			 * 3. delete it from the database */
+			DEBUG(2, ("notify_array is corrupt, discarding it\n"));
+
+			ZERO_STRUCTP(notify->array);
+			if (rec != NULL) {
+				rec->delete_rec(rec);
+			}
+
+		} else {
+			if (DEBUGLEVEL >= 10) {
+				DEBUG(10, ("notify_load:\n"));
+				NDR_PRINT_DEBUG(notify_array, notify->array);
+			}
 		}
 	}
 
-	if (DEBUGLEVEL >= 10) {
-		DEBUG(10, ("notify_load:\n"));
-		NDR_PRINT_DEBUG(notify_array, notify->array);
-	}
 
 	if (!rec) {
 		talloc_free(dbuf.dptr);
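
Review bot: In the error branch the return value of rec->delete_rec(rec) is discarded, so a failed delete leaves the unparseable record in the TDB with nothing in the log to show it; capture the NTSTATUS and log it with DEBUG when it is not NT_STATUS_OK. ZERO_STRUCTP(notify->array) only clears the struct fields: ndr_pull_struct_blob was called with notify->array as its talloc context, so anything allocated before the parse failed stays attached to it until the array itself is freed, and calling talloc_free_children(notify->array) before zeroing would release it. The DEBUG(2, ...) message would be more useful with the failure reason included, for example nt_errstr(ndr_map_error2ntstatus(ndr_err)), since the mapping call from the removed line is otherwise dropped. Minor: removing the old debug block leaves two consecutive blank lines before if (!rec).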


-- 
Samba Shared Repository

