[PATCH] Fix crash in sock_daemon_test (bug 12510)

Stefan Metzmacher metze at samba.org
Thu Jan 12 08:01:55 UTC 2017


Hi Amitay,

> These patches fix the "use after free" memory access causing SEGV in
> sock_daemon_test.
> 
> As per metze's valuable suggestions I have also fixed the following
> - use consistent naming convention
> - avoid layer violations by accessing top-level req in destructor
> - Instead of freeing sock_daemon_context to terminate the daemon, I have now
> added callback functions wait_send/recv which can be used to signal the
> termination condition.


> +static void sock_daemon_reconfigure(struct sock_daemon_run_state *state);
> +static void sock_daemon_shutdown(struct sock_daemon_run_state *state);
> static void sock_daemon_socket_fail(struct tevent_req *subreq);
> static void sock_daemon_watch_pid(struct tevent_req *subreq);
> -static void sock_daemon_reconfigure(struct sock_daemon_start_state *state);
> -static void sock_daemon_shutdown(struct sock_daemon_start_state *state);
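
Review bot: the two prototypes added at the top of this hunk change only the parameter type, so sock_daemon_reconfigure() and sock_daemon_shutdown() keep their old names while the state struct is now sock_daemon_run_state, which leaves the renaming half-done. They also still receive a bare state pointer, with nothing in the signature tying it to a live request, which matters in a fix for a use-after-free; taking struct tevent_req *req and looking the state up inside each function would make the lifetime dependency explicit. If moving the declarations above sock_daemon_socket_fail() is not required by the type change, leaving them in place would keep the diff smaller.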

Can you please also rename the functions to have a
sock_daemon_run_ prefix?

And sock_daemon_reconfigure() and sock_daemon_shutdown() should take
struct tevent_req *req as argument followed by

+	struct sock_daemon_run_state *state = tevent_req_data(
+		req, struct sock_daemon_run_state);


I think sock_daemon_socket_fail() should keep the possible
tevent_req_error(); you should just move the sock_daemon_shutdown() call.

metze
