[PATCH] Fix crash in sock_daemon_test (bug 12510)

Amitay Isaacs amitay at gmail.com
Fri Jan 13 06:21:13 UTC 2017


On Thu, Jan 12, 2017 at 7:01 PM, Stefan Metzmacher <metze at samba.org> wrote:

> Hi Amitay,
>
> > These patches fix the "use after free" memory access causing SEGV in
> > sock_daemon_test.
> >
> > As per metze's valuable suggestions I have also fixed the following
> > - use consistent naming convention
> > - avoid layer violations by accessing top-level req in destructor
> > - Instead of freeing sock_daemon_context to terminate the daemon, I have now
> > added callback functions wait_send/recv which can be used to signal the
> > termination condition.
>
>
> > +static void sock_daemon_reconfigure(struct sock_daemon_run_state
> *state);
> > +static void sock_daemon_shutdown(struct sock_daemon_run_state *state);
> > static void sock_daemon_socket_fail(struct tevent_req *subreq);
> > static void sock_daemon_watch_pid(struct tevent_req *subreq);
> > -static void sock_daemon_reconfigure(struct sock_daemon_start_state
> *state);
> > -static void sock_daemon_shutdown(struct sock_daemon_start_state *state);
>
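Review bot: sock_daemon_reconfigure() and sock_daemon_shutdown(), declared in the first two added lines, take a bare struct sock_daemon_run_state *, while the neighbouring callbacks sock_daemon_socket_fail() and sock_daemon_watch_pid() start from a struct tevent_req *. With only the state pointer, the helpers have no handle on the request that owns that state, and nothing in the declarations says who guarantees state is still valid when they are called, which matters in a fix for a use after free. Passing the req and deriving state inside each helper would keep the state visibly tied to the request, and a short comment above the two declarations naming their permitted callers would document the lifetime expectation.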
> Can you please also rename the functions to have a
> sock_daemon_run_ prefix?
>
> And sock_daemon_reconfigure() and sock_daemon_shutdown() should take
> struct tevent_req *req as argument followed by
>
> +       struct sock_daemon_run_state *state = tevent_req_data(
> +               req, struct sock_daemon_run_state);
>
>
> I think sock_daemon_socket_fail() should keep the possible tevent_req_error();
> you should just move the sock_daemon_shutdown() call.
>
> metze
>
>
Here is the v2 patchset that fixes all the above-mentioned issues.

Please review and push.

Amitay.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ctdb.patches
Type: application/octet-stream
Size: 28172 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170113/180d90d0/ctdb.obj>