RHEL6 init.d script (was Re: Initscript Debian Wheezy)

Jeremy Allison jra at samba.org
Tue Sep 11 15:51:48 MDT 2012

On Tue, Sep 11, 2012 at 11:43:14PM +0200, Stefan (metze) Metzmacher wrote:
> I think we never set state->pp_self_ref to NULL
> but still call TALLOC_FREE(state->pp_self_ref);
> in some error cases.

I just did a git grep and searched for all
uses of 'TALLOC_FREE(state->pp_self_ref);'

In *every* case this is only called after
the comment:

/* we want to keep the session */

So we only ever see it used in the code path:

                /* we want to keep the session */

Check it out. It's never called in any error case - by
design (as I recall when I wrote this code :-).

> Which might trigger a double free.
> so when we set (*pp_state)->session = NULL,
> we should also sete (*pp_state)->pp_self_ref = NULL.
> Otherwise we still leave an invalid pointer.

Nope, still don't see it.


More information about the samba-technical mailing list