diff options
| author | Andrew Tridgell <tridge@samba.org> | 2005-10-04 10:18:07 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:39:23 -0500 |
| commit | a04f65b1c703e7622ebc1a85170f9980c2b33227 (patch) | |
| tree | fcbb6d378fd046ce67c322211e8e2465e94d1461 /source4/ldap_server | |
| parent | 63d4cb48029e8bd607604e40bbbc46d20d917d80 (diff) | |
| download | samba-a04f65b1c703e7622ebc1a85170f9980c2b33227.tar.gz samba-a04f65b1c703e7622ebc1a85170f9980c2b33227.tar.bz2 samba-a04f65b1c703e7622ebc1a85170f9980c2b33227.zip | |
r10709: fixed a crash bug rather similar to the one volker found in the dcerpc
code, where a stream_terminate_connection() while processing a request
can cause a later defererence of the connection structure to die.
(This used to be commit efbcb0f74176058a74d7134dae4658b891fc6f16)
Diffstat (limited to 'source4/ldap_server')
| -rw-r--r-- | source4/ldap_server/ldap_server.c | 27 | ||||
| -rw-r--r-- | source4/ldap_server/ldap_server.h | 3 |
2 files changed, 25 insertions, 5 deletions
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 71a7172e5c..83ce059756 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -40,11 +40,12 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, const char *reason) { - if (conn->tls) { - talloc_free(conn->tls); - conn->tls = NULL; - } - stream_terminate_connection(conn->connection, reason); + /* we don't actually do the stream termination here as the + recv/send functions dereference the connection after the + packet processing callbacks. Instead we mark it for + termination and do the real termination in the send/recv + functions */ + conn->terminate = reason; } /* @@ -299,6 +300,14 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) conn->processing = False; EVENT_FD_READABLE(c->event.fde); + + if (conn->terminate) { + if (conn->tls) { + talloc_free(conn->tls); + conn->tls = NULL; + } + stream_terminate_connection(conn->connection, conn->terminate); + } } /* @@ -331,6 +340,14 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) if (conn->send_queue == NULL) { EVENT_FD_NOT_WRITEABLE(c->event.fde); } + + if (conn->terminate) { + if (conn->tls) { + talloc_free(conn->tls); + conn->tls = NULL; + } + stream_terminate_connection(conn->connection, conn->terminate); + } } /* diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h index a1981843a6..2aa6530f9f 100644 --- a/source4/ldap_server/ldap_server.h +++ b/source4/ldap_server/ldap_server.h @@ -38,6 +38,9 @@ struct ldapsrv_connection { struct data_blob_list_item *send_queue; BOOL processing; + + /* connection should be terminated if non-null */ + const char *terminate; }; struct ldapsrv_call { |