[PATCH] Fix FSMO timeoutes by clearing transaction buffer

Stefan (metze) Metzmacher metze at samba.org
Tue Jan 15 10:11:17 MST 2013 

Hi Andrew,

> From 6f8a4ebabe7228d5c9f2bf33066a00d6126dec78 Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Sat, 17 Nov 2012 11:49:25 +1100
> Subject: [PATCH 1/5] dsdb: Fix talloc issues in dsdb_schema_copy_shallow
> 
> The problem was that we did not clear these structure members before
> we regenerated these values in schema_fill_constructed().  The
> talloc_realloc() in the schema_fill_possible_inferiors() and
> schema_fill_system_possible_inferiors() calls would then use the old
> talloc parent (cls, a child of schema) not cls_copy (a child of
> schema_copy).
> 
> We also did not take a reference to the original class, to ensure the
> other pointers remained valid.
> 
> As well as altering the original values in cls, if in the meantime the
> original talloc parent (schema) would go away, we would use memory
> after free().  (This is how I found the issue).
> 
> Andrew Bartlett
> ---
>  source4/dsdb/schema/schema_init.c | 32 ++++++++++++++++++++++++++++----
>  1 file changed, 28 insertions(+), 4 deletions(-)
> 
> diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
> index 752d4f5..0e8a3d5 100644
> --- a/source4/dsdb/schema/schema_init.c
> +++ b/source4/dsdb/schema/schema_init.c
> @@ -75,21 +75,45 @@ struct dsdb_schema *dsdb_schema_copy_shallow(TALLOC_CTX *mem_ctx,
>  
>  	/* copy classes and attributes*/
>  	for (cls = schema->classes; cls; cls = cls->next) {
> -		struct dsdb_class *class_copy = talloc_memdup(schema_copy,
> -							      cls, sizeof(*cls));
> +		struct dsdb_class *class_copy = talloc(schema_copy, struct dsdb_class);
>  		if (!class_copy) {
>  			goto failed;
>  		}
> +		
> +		/* 
> +		 * We must take a reference here, otherwise the
> +		 * pointers in class_copy might become invalid if the
> +		 * original schema goes away first.
> +		 */
> +		if (!talloc_reference(class_copy, cls)) {
> +			goto failed;
> +		}

I think we should not add a talloc_reference() here,
unless you can prove that it's 100% needed.

The last time I looked at this patch I had the impression
that all callers keep the old schema arround (otherwise
the whole function doesn't work).

> +		*class_copy = *cls;
> +

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130115/56e5798f/attachment.pgp>

More information about the samba-technical mailing list