[PATCH] Version 2: Patchset for bug #10344 - SessionLogoff on a signed connection with an outstanding notify request crashes smbd.

Stefan (metze) Metzmacher metze at samba.org
Wed Mar 12 09:41:32 MDT 2014


Hi Jeremy,

>> Sorry - this is a really long reply. But it covers
>> a lot of ground (and I think I've found a bug in
>> metze.diff also - more on that below).
>>
>> Metze if you want to jump to the bug in the logic
>> in your patch just search for :
>>
>> ******METZE***BUG***ALERT***********
>>
>> below :-).
> 
> OK, I'm wrong. Sorry. I went through
> lib/tevent/tevent_queue.c again really
> carefully (yet again... :-) and I had
> missed the case that when struct tevent_queue_entry *e
> is removed in the tevent_queue_entry_destructor() the
> trigger called is that of the
> new head of the list, q->list,
> *not* the next pointer of the
> deleted event e->next.
> 
> So it *IS* going to wait for all of
> them to be done without an implicit
> ordering.

It's just a queue as in real life...
Only the first one is served and when he leaves the next one comes
and anyone else can silently join or leave the queue.

> Sorry for the noise :-). Does
> make my point about how opaque
> the internals of lib/tevent/tevent_queue.c
> are though !

There might be potential to updated the documentation,
but I haven't checked yet...

There's also nobody looking into the complex talloc details
in order to just use it:-)

It's all complex code hidden behind a hopefully sane api.

metze


More information about the samba-technical mailing list