RHEL6 init.d script (was Re: Initscript Debian Wheezy)
Jeremy Allison
jra at samba.org
Tue Sep 11 15:51:48 MDT 2012
On Tue, Sep 11, 2012 at 11:43:14PM +0200, Stefan (metze) Metzmacher wrote:
>
> I think we never set state->pp_self_ref to NULL
> but still call TALLOC_FREE(state->pp_self_ref);
> in some error cases.
I just did a git grep and searched for all
uses of 'TALLOC_FREE(state->pp_self_ref);'
In *every* case this is only called after
the comment:
/* we want to keep the session */
So we only ever see it used in the code path:
/* we want to keep the session */
TALLOC_FREE(state->pp_self_ref);
tevent_req_done(req);
return;
Check it out. It's never called in any error case - by
design (as I recall when I wrote this code :-).
> Which might trigger a double free.
> so when we set (*pp_state)->session = NULL,
> we should also set (*pp_state)->pp_self_ref = NULL.
> Otherwise we still leave an invalid pointer.
Nope, still don't see it.
Jeremy.
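Added example, not code from the thread or from Samba: a constructed C model of the pattern being argued about. The struct and field names mirror the mail (state->pp_self_ref, session) but the types are hypothetical, plain malloc/free stands in for talloc, and FREE_AND_NULL mirrors the free-then-null behaviour of the TALLOC_FREE idiom so that a second release of the same lvalue is a no-op rather than the double free metze is worried about.

```c
#include <stdlib.h>

/* Constructed model of the pattern in the thread. Names follow the mail;
 * the types are hypothetical and not Samba's. */
struct session { int id; };

struct req_state {
    struct session *session;      /* the session the caller wants to keep */
    struct session **pp_self_ref; /* heap slot referring back to the session */
};

static int real_frees;            /* number of free() calls actually issued */

/* Free-and-null idiom (what TALLOC_FREE does): release the object and
 * clear the lvalue in one step, so repeating it on the same lvalue is
 * harmless instead of a double free. */
#define FREE_AND_NULL(p) \
    do { if ((p) != NULL) { free(p); (p) = NULL; real_frees++; } } while (0)

/* Success path from the mail: drop the self-reference, keep the session. */
static void keep_session(struct req_state *st)
{
    FREE_AND_NULL(st->pp_self_ref);
}

/* Error path: tear everything down. Hitting the self-ref again is safe
 * only because the earlier release nulled it. */
static void teardown(struct req_state *st)
{
    FREE_AND_NULL(st->pp_self_ref);
    FREE_AND_NULL(st->session);
}

/* Runs success-then-error on one state and reports how many real frees
 * happened. A double free would show as 3 (or a crash under a hardened
 * allocator); the idiom yields exactly 2. Returns -1 on allocation failure. */
int frees_after_keep_then_teardown(void)
{
    struct req_state st;
    real_frees = 0;
    st.session = malloc(sizeof *st.session);
    st.pp_self_ref = malloc(sizeof *st.pp_self_ref);
    if (st.session == NULL || st.pp_self_ref == NULL) {
        free(st.session);
        free(st.pp_self_ref);
        return -1;
    }
    *st.pp_self_ref = st.session;
    keep_session(&st);          /* self-ref released and nulled */
    teardown(&st);              /* self-ref skipped, session released */
    return real_frees;          /* 2 */
}
```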