diff options
author | Rusty Russell <rusty@rustcorp.com.au> | 2010-02-04 23:59:54 +1030 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2010-02-10 16:56:14 +1030 |
commit | b37b452cb8c1f56b37b04abe7bffdede371ca361 (patch) | |
tree | 337e63a2be310ca1107aa37ec5bd18b5aa705fd8 /lib/popt | |
parent | 6269cdcd1538e2e3cead9e0f3c156b0363d607a0 (diff) | |
download | samba-b37b452cb8c1f56b37b04abe7bffdede371ca361.tar.gz samba-b37b452cb8c1f56b37b04abe7bffdede371ca361.tar.bz2 samba-b37b452cb8c1f56b37b04abe7bffdede371ca361.zip |
tdb: fix recovery reuse after crash
If a process (or the machine) dies after just after writing the
recovery head (pointing at the end of file), the recovery record will filled
with 0x42. This will not invoke a recovery on open, since rec.magic
!= TDB_RECOVERY_MAGIC.
Unfortunately, the first transaction commit will happily reuse that
area: tdb_recovery_allocate() doesn't check the magic. The recovery
record has length 0x42424242, and it writes that back into the
now-valid-looking transaction header) for the next comer (which
happens to be tdb_wipe_all in my tests).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'lib/popt')
0 files changed, 0 insertions, 0 deletions