[PATCH] Fix crash in sock_daemon_test (bug 12510)
Stefan Metzmacher
metze at samba.org
Thu Jan 12 08:01:55 UTC 2017
Hi Amitay,
> These patches fix the "use after free" memory access causing SEGV in
> sock_daemon_test.
>
> As per metze's valuable suggestions I have also fixed the following
> - use consistent naming convention
> - avoid layer violations by accessing top-level req in destructor
> - Instead of freeing sock_daemon_context to terminate the damon, I have now
> added callback functions wait_send/recv which can be used to signal the
> termination condition.
> +static void sock_daemon_reconfigure(struct sock_daemon_run_state *state);
> +static void sock_daemon_shutdown(struct sock_daemon_run_state *state);
> static void sock_daemon_socket_fail(struct tevent_req *subreq);
> static void sock_daemon_watch_pid(struct tevent_req *subreq);
> -static void sock_daemon_reconfigure(struct sock_daemon_start_state *state);
> -static void sock_daemon_shutdown(struct sock_daemon_start_state *state);
Can you please also rename the functions to have a
sock_daemon_run_ prefix?
And sock_daemon_reconfigure() and sock_daemon_shutdown() should take
struct tevent_req *req as argument followed by
+ struct sock_daemon_run_state *state = tevent_req_data(
+ req, struct sock_daemon_run_state);
I think sock_daemon_socket_fail() should keep the possible
tevent_req_error()
you should just move the sock_daemon_shutdown() call.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170112/7815aa3d/signature.sig>
More information about the samba-technical
mailing list