diff options
| author | Simo Sorce <idra@samba.org> | 2009-03-09 18:04:38 -0400 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2009-03-09 20:12:11 -0400 |
| commit | f088353d37b433af7b979a17871233cccddf7aca (patch) | |
| tree | 35a022bf85b756bb500fda1b195aeb938da29925 /source4/lib/ldb/ldb_tdb/ldb_tdb.h | |
| parent | 218ce0e80532b0dbc595e72502d9596a35acdffd (diff) | |
| download | samba-f088353d37b433af7b979a17871233cccddf7aca.tar.gz samba-f088353d37b433af7b979a17871233cccddf7aca.tar.bz2 samba-f088353d37b433af7b979a17871233cccddf7aca.zip | |
Fix potential segfaults using freed memory.
In some code paths ltdb_context was still referenced even after we were returned
an error by one of the callbacks. Because the interface assumes that once an
error is returned the ldb_request may be freed, and because the ltdb_context was
allocated as a child of the request, this might cause access to freed memory.
Allocate the ltdb_context on ldb, and keep track of what's going on with the
request by adding a spy children on it. This way even if the request is freed
before the ltdb_callback is called, we will safely free the ctx and just quietly
return.
Diffstat (limited to 'source4/lib/ldb/ldb_tdb/ldb_tdb.h')
| -rw-r--r-- | source4/lib/ldb/ldb_tdb/ldb_tdb.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.h b/source4/lib/ldb/ldb_tdb/ldb_tdb.h index 0a06cdb1b0..5a1c8fee2d 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.h +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.h @@ -36,11 +36,16 @@ struct ltdb_private { the async local context holds also internal search state during a full db search */ +struct ltdb_req_spy { + struct ltdb_context *ctx; +}; + struct ltdb_context { struct ldb_module *module; struct ldb_request *req; - bool callback_failed; + bool request_terminated; + struct ltdb_req_spy *spy; /* search stuff */ const struct ldb_parse_tree *tree; |