[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Fri Dec 17 18:20:02 MST 2010


The branch, master has been updated
       via  455ef46 Revert "s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later"
       via  656c828 lib/ldb Remove talloc_free() that causes double-free in callbacks.
      from  6967cf2 ldb: Rename controls_except_specified -> ldb_controls_except_specified.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 455ef46785daee63cffc949ffbfbabf44e11328b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Dec 17 08:43:33 2010 +1100

    Revert "s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later"
    
    This reverts commit 25163380239abbad28f1656c42e6fab1b92473d9 because
    further analysis showed the real problem was introduced in 0941099a
    (which changed the caller behaviour, but only for indexed searches).
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Sat Dec 18 02:19:59 CET 2010 on sn-devel-104

commit 656c828b9fcd8538b1503f86f8ac499837d7fc59
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Dec 16 22:28:45 2010 +1100

    lib/ldb Remove talloc_free() that causes double-free in callbacks.
    
    This partially reverts 0941099a, which was a little over-eager in
    fixing what were presumed to be memory leaks.
    
    It is always the callback's responsibility to free the ares, but if they
    don't then the end of the request should handle the cleanup.
    Attempting to talloc_free() here will result (as it did in the
    descriptor module) in a double-free error if the callback does free
    it, and no other caller of ldb_module_send_entry() has this behaviour.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/descriptor.c |    1 +
 source4/lib/ldb/ldb_tdb/ldb_index.c         |    4 +++-
 2 files changed, 4 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index b96e5b5..0ea91ba 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -545,6 +545,7 @@ static int descriptor_search_callback(struct ldb_request *req, struct ldb_reply
 	}
 
 fail:
+	talloc_free(ares);
 	return ldb_module_done(ac->req, NULL, NULL, ret);
 }
 
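Review bot: The `talloc_free(ares)` added under `fail:` is only safe if no path that jumps to this label has already freed `ares` or passed it on to something that now owns it; otherwise the double free this series is removing comes back in the callback itself. Please confirm each `goto fail` site against that, and consider a one-line comment at the label stating that the callback owns `ares`, since that contract is currently spelled out only in the commit message.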
diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c b/source4/lib/ldb/ldb_tdb/ldb_index.c
index 71cffb9..02e4acb 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_index.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_index.c
@@ -966,7 +966,9 @@ static int ltdb_index_filter(const struct dn_list *dn_list,
 
 		ret = ldb_module_send_entry(ac->req, msg, NULL);
 		if (ret != LDB_SUCCESS) {
-			talloc_free(msg);
+			/* Regardless of success or failure, the msg
+			 * is the callbacks responsiblity, and should
+			 * not be talloc_free()'ed */
 			ac->request_terminated = true;
 			return ret;
 		}
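Review bot: The replacement comment in the `ret != LDB_SUCCESS` branch records the ownership rule only at this one call site, and it has two typos ("callbacks responsiblity" should read "callback's responsibility"). Since the commit message says no other caller of `ldb_module_send_entry()` frees the message, the rule would be better stated once in that function's documentation. It is also worth noting in the comment that when the callback does not free `msg`, cleanup is deferred to the end of the request, so the error path here holds the memory until then rather than leaking it.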


-- 
Samba Shared Repository

