diff options
author | Simo Sorce <idra@samba.org> | 2008-09-24 01:37:16 -0400 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2008-09-24 01:43:57 -0400 |
commit | 83b0c5d43f568222d97f9b8de985f1e39a375fb9 (patch) | |
tree | 97e3aced390fc7db276b1c47d382377a697469dd /source4/auth/gensec | |
parent | 7b20cbb1152af7f3779cbb0dd74d939d8f1637c0 (diff) | |
download | samba-83b0c5d43f568222d97f9b8de985f1e39a375fb9.tar.gz samba-83b0c5d43f568222d97f9b8de985f1e39a375fb9.tar.bz2 samba-83b0c5d43f568222d97f9b8de985f1e39a375fb9.zip |
Fix nasty bug that would come up only if a client connection to a remote
ldap server suddenly dies.
We were creating a wrong talloc hierarchy, so the event.fde was not
freed automatically as expected. This in turn made the event system call
the ldap io handlers with a null packet structure, causing a segfault.
Fix also the ordering in ldap_connection_dead()
Thanks to Metze for the huge help in tracking down this one.
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r-- | source4/auth/gensec/gensec.h | 1 | ||||
-rw-r--r-- | source4/auth/gensec/socket.c | 13 |
2 files changed, 8 insertions, 6 deletions
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 2830297ffe..84fc26d127 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -174,6 +174,7 @@ struct gensec_security; struct socket_context; NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, struct socket_context *current_socket, struct event_context *ev, void (*recv_handler)(void *, uint16_t), diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c index 27449bf610..319730e2ca 100644 --- a/source4/auth/gensec/socket.c +++ b/source4/auth/gensec/socket.c @@ -408,8 +408,10 @@ static NTSTATUS gensec_socket_send(struct socket_context *sock, } /* Turn a normal socket into a potentially GENSEC wrapped socket */ +/* CAREFUL: this function will steal 'current_socket' */ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, struct socket_context *current_socket, struct event_context *ev, void (*recv_handler)(void *, uint16_t), @@ -420,7 +422,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, struct socket_context *new_sock; NTSTATUS nt_status; - nt_status = socket_create_with_ops(current_socket, &gensec_socket_ops, &new_sock, + nt_status = socket_create_with_ops(mem_ctx, &gensec_socket_ops, &new_sock, SOCKET_TYPE_STREAM, current_socket->flags | SOCKET_FLAG_ENCRYPT); if (!NT_STATUS_IS_OK(nt_status)) { *new_socket = NULL; @@ -432,22 +434,19 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, gensec_socket = talloc(new_sock, struct gensec_socket); if (gensec_socket == NULL) { *new_socket = NULL; + talloc_free(new_sock); return NT_STATUS_NO_MEMORY; } new_sock->private_data = gensec_socket; gensec_socket->socket = current_socket; - if (talloc_reference(gensec_socket, current_socket) == NULL) { - *new_socket = NULL; - return NT_STATUS_NO_MEMORY; - } - /* Nothing to do here, if we are not actually wrapping on this socket */ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { gensec_socket->wrap = false; + talloc_steal(gensec_socket, current_socket); *new_socket = new_sock; return NT_STATUS_OK; } @@ -469,6 +468,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, gensec_socket->packet = packet_init(gensec_socket); if (gensec_socket->packet == NULL) { *new_socket = NULL; + talloc_free(new_sock); return NT_STATUS_NO_MEMORY; } @@ -481,6 +481,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, /* TODO: full-request that knows about maximum packet size */ + talloc_steal(gensec_socket, current_socket); *new_socket = new_sock; return NT_STATUS_OK; } |