[PATCH] fix crash in notifyd - bug 11930
Michael Adam
obnox at samba.org
Fri May 20 11:14:48 UTC 2016
See https://bugzilla.samba.org/show_bug.cgi?id=11930
I think this might be the right fix...
Review appreciated!
Thanks - Michael
-------------- next part --------------
From 6ef588fc93089de31f07beaaec498abfc53a8063 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Fri, 20 May 2016 12:57:48 +0200
Subject: [PATCH] notifyd: prevent NULL deref segfault in
notifyd_peer_destructor
It seems it could happen that p->db == NULL in the list
from notifyd_clean_peers_next(). This has been seen in
a ctdb cluster when an node-internal ctdb interface is
brought down.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11930
Signed-off-by: Michael Adam <obnox at samba.org>
---
source3/smbd/notifyd/notifyd.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/notifyd/notifyd.c b/source3/smbd/notifyd/notifyd.c
index 49fb9c9..45b029b 100644
--- a/source3/smbd/notifyd/notifyd.c
+++ b/source3/smbd/notifyd/notifyd.c
@@ -1246,7 +1246,10 @@ static int notifyd_peer_destructor(struct notifyd_peer *p)
struct notifyd_state *state = p->state;
size_t i;
- dbwrap_traverse_read(p->db, notifyd_db_del_syswatches, NULL, NULL);
+ if (p->db != NULL) {
+ dbwrap_traverse_read(p->db, notifyd_db_del_syswatches,
+ NULL, NULL);
+ }
for (i = 0; i<state->num_peers; i++) {
if (p == state->peers[i]) {
--
2.5.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160520/be5265d3/signature.sig>
More information about the samba-technical
mailing list