[PATCH] ctdb-recovery-helper: Deregister message handler in error paths (bug 13188)
Amitay Isaacs
amitay at gmail.com
Wed Dec 13 05:51:13 UTC 2017
Hi,
If PULL_DB control times out but the remote node is still sending the
data, then the tevent_req for pull_database_send will be freed without
removing the message handler. So when the data is received, srvid
handler will be called and it will try to access tevent_req which will
result in use-after-free and abort.
Please review and push.
Amitay.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-ctdb-recovery-helper-Deregister-message-handler-in-e.patch
Type: text/x-patch
Size: 2329 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171213/1d8e8156/0001-ctdb-recovery-helper-Deregister-message-handler-in-e.bin>
More information about the samba-technical
mailing list