s3-dcerpc: Break memory hierarchy for shared structure
Andreas Schneider
asn at samba.org
Sat Jul 17 03:57:57 MDT 2010
On Thursday 15 July 2010 09:07:32 Andrew Bartlett wrote:
> On Wed, 2010-07-14 at 08:04 -0500, Andreas Schneider wrote:
> > The branch, master has been updated
> >
> > via 23ad691... s3-dcerpc: Break memory hierarchy for shared
> > structure
> >
> > from d35e900... s4: Added acl search tests for anonymous
> > connection.
> >
> > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> >
> >
> > - Log -----------------------------------------------------------------
> > commit 23ad6919a1e5f16d02e22adcf36ea7f039a9eeea
> > Author: Simo Sorce <idra at samba.org>
> > Date: Wed Jul 14 08:57:47 2010 -0400
> >
> > s3-dcerpc: Break memory hierarchy for shared structure
> >
> > Handles are shared among multiple pipes_struct. We cannot allocate
> > them on any specific pipes_struct or it will vanish for all others
> > as soon as that pipes_struct is freed, leaving back dangling
> > pointers.
> >
> > Signed-off-by: Andreas Schneider <asn at samba.org>
> >
> > -----------------------------------------------------------------------
> >
> > Summary of changes:
> > source3/rpc_server/rpc_handles.c | 2 +-
> > 1 files changed, 1 insertions(+), 1 deletions(-)
> >
> > Changeset truncated at 500 lines:
> >
> > diff --git a/source3/rpc_server/rpc_handles.c
> > b/source3/rpc_server/rpc_handles.c index bfdc7a8..e073fe4 100644
> > --- a/source3/rpc_server/rpc_handles.c
> > +++ b/source3/rpc_server/rpc_handles.c
> > @@ -103,7 +103,7 @@ bool init_pipe_handles(pipes_struct *p, const struct
> > ndr_syntax_id *syntax)
> >
> > /*
> >
> > * First open, we have to create the handle list
> > */
> >
> > - hl = talloc_zero(p, struct handle_list);
> > + hl = talloc_zero(NULL, struct handle_list);
> >
> > if (hl == NULL) {
> >
> > return false;
> >
> > }
>
Hi Andrew,
> Out of interest, what now cleans this up? I would have expected this to
> be solved with talloc_reference(), but I assume something else now holds
> the reference count?
sorry for the late reply. Simo I think we need the while loop in
close_policy_by_pipe() again to clean this up?
while (p->pipe_handles->handles) {
close_policy_hnd(p, &p->pipe_handles->handles->wire_handle);
}
-- andreas
More information about the samba-technical
mailing list