From 92786aebf1b8aa17612ebaf5dd0ee8cd4abf9616 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 19 Sep 2009 08:23:03 -0700
Subject: s4-resolve: fixed a crash bug on timeout

We were creating the name resolution context as a child of lp_ctx,
which meant when we gave up on a connection the timer on name
resolution kept running, and when it timed out the callback crashed as
the socket was already removed.
---
 source4/lib/socket/connect_multi.c       | 2 +-
 source4/libcli/finddcs.c                 | 2 +-
 source4/libcli/resolve/resolve.c         | 8 +++++---
 source4/libcli/smb2/connect.c            | 2 +-
 source4/libcli/smb_composite/connect.c   | 2 +-
 source4/libnet/libnet_lookup.c           | 2 +-
 source4/librpc/rpc/dcerpc_sock.c         | 2 +-
 source4/nbt_server/wins/wins_dns_proxy.c | 2 +-
 source4/winbind/wb_dom_info_trusted.c    | 2 +-
 9 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/source4/lib/socket/connect_multi.c b/source4/lib/socket/connect_multi.c
index 8fcfc0a8ea..68386ba565 100644
--- a/source4/lib/socket/connect_multi.c
+++ b/source4/lib/socket/connect_multi.c
@@ -103,7 +103,7 @@ _PUBLIC_ struct composite_context *socket_connect_multi_send(
 		struct nbt_name name;
 		struct composite_context *creq;
 		make_nbt_name_server(&name, server_address);
-		creq = resolve_name_send(resolve_ctx, &name, result->event_ctx);
+		creq = resolve_name_send(resolve_ctx, multi, &name, result->event_ctx);
 		if (composite_nomem(creq, result)) goto failed;
 		composite_continue(result, creq, continue_resolve_name, result);
 		return result;
diff --git a/source4/libcli/finddcs.c b/source4/libcli/finddcs.c
index 2e4fad9332..8330042ea1 100644
--- a/source4/libcli/finddcs.c
+++ b/source4/libcli/finddcs.c
@@ -102,7 +102,7 @@ struct composite_context *finddcs_send(TALLOC_CTX *mem_ctx,
 	state->msg_ctx = msg_ctx;
 
 	make_nbt_name(&name, state->domain_name, name_type);
-	creq = resolve_name_send(resolve_ctx, &name, event_ctx);
+	creq = resolve_name_send(resolve_ctx, state, &name, event_ctx);
 	composite_continue(c, creq, finddcs_name_resolved, state);
 	return c;
 }
diff --git a/source4/libcli/resolve/resolve.c b/source4/libcli/resolve/resolve.c
index 6a3d5daecc..0ad3a75e89 100644
--- a/source4/libcli/resolve/resolve.c
+++ b/source4/libcli/resolve/resolve.c
@@ -136,6 +136,7 @@ static struct composite_context *setup_next_method(struct composite_context *c)
   general name resolution - async send
  */
 struct composite_context *resolve_name_all_send(struct resolve_context *ctx,
+						TALLOC_CTX *mem_ctx,
 						uint32_t flags,
 						uint16_t port,
 						struct nbt_name *name,
@@ -148,7 +149,7 @@ struct composite_context *resolve_name_all_send(struct resolve_context *ctx,
 		return NULL;
 	}
 
-	c = composite_create(ctx, event_ctx);
+	c = composite_create(mem_ctx, event_ctx);
 	if (c == NULL) return NULL;
 
 	if (composite_nomem(c->event_ctx, c)) return c;
@@ -221,10 +222,11 @@ NTSTATUS resolve_name_all_recv(struct composite_context *c,
 }
 
 struct composite_context *resolve_name_send(struct resolve_context *ctx,
+					    TALLOC_CTX *mem_ctx,
 					    struct nbt_name *name,
 					    struct tevent_context *event_ctx)
 {
-	return resolve_name_all_send(ctx, 0, 0, name, event_ctx);
+	return resolve_name_all_send(ctx, mem_ctx, 0, 0, name, event_ctx);
 }
 
 NTSTATUS resolve_name_recv(struct composite_context *c,
@@ -253,7 +255,7 @@ NTSTATUS resolve_name(struct resolve_context *ctx,
 			  const char **reply_addr,
 			  struct tevent_context *ev)
 {
-	struct composite_context *c = resolve_name_send(ctx, name, ev);
+	struct composite_context *c = resolve_name_send(ctx, mem_ctx, name, ev);
 	return resolve_name_recv(c, mem_ctx, reply_addr);
 }
 
diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
index 8c1a73b681..64ed6c3acc 100644
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -271,7 +271,7 @@ struct composite_context *smb2_connect_send(TALLOC_CTX *mem_ctx,
 	ZERO_STRUCT(name);
 	name.name = host;
 
-	creq = resolve_name_send(resolve_ctx, &name, c->event_ctx);
+	creq = resolve_name_send(resolve_ctx, state, &name, c->event_ctx);
 	composite_continue(c, creq, continue_resolve, c);
 	return c;
 }
diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index 9a19771bc0..3d35018acb 100644
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -480,7 +480,7 @@ struct composite_context *smb_composite_connect_send(struct smb_composite_connec
 
 	state->stage = CONNECT_RESOLVE;
 	make_nbt_name_server(&name, io->in.dest_host);
-	state->creq = resolve_name_send(resolve_ctx, &name, c->event_ctx);
+	state->creq = resolve_name_send(resolve_ctx, state, &name, c->event_ctx);
 
 	if (state->creq == NULL) goto failed;
 	state->creq->async.private_data = c;
diff --git a/source4/libnet/libnet_lookup.c b/source4/libnet/libnet_lookup.c
index ab26814b9a..4548864ba4 100644
--- a/source4/libnet/libnet_lookup.c
+++ b/source4/libnet/libnet_lookup.c
@@ -88,7 +88,7 @@ struct composite_context *libnet_Lookup_send(struct libnet_context *ctx,
 	}
 
 	/* send resolve request */
-	cresolve_req = resolve_name_send(resolve_ctx, &s->hostname, c->event_ctx);
+	cresolve_req = resolve_name_send(resolve_ctx, s, &s->hostname, c->event_ctx);
 	if (composite_nomem(cresolve_req, c)) return c;
 
 	composite_continue(c, cresolve_req, continue_name_resolved, c);
diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c
index 64a5b92e90..d8bd6d2938 100644
--- a/source4/librpc/rpc/dcerpc_sock.c
+++ b/source4/librpc/rpc/dcerpc_sock.c
@@ -488,7 +488,7 @@ struct composite_context* dcerpc_pipe_open_tcp_send(struct dcerpc_connection *co
 	s->resolve_ctx     = resolve_ctx;
 
 	make_nbt_name_server(&name, server);
-	resolve_req = resolve_name_send(resolve_ctx, &name, c->event_ctx);
+	resolve_req = resolve_name_send(resolve_ctx, s, &name, c->event_ctx);
 	composite_continue(c, resolve_req, continue_ip_resolve_name, c);
 	return c;
 }
diff --git a/source4/nbt_server/wins/wins_dns_proxy.c b/source4/nbt_server/wins/wins_dns_proxy.c
index cd605907a8..4ebfc05fd7 100644
--- a/source4/nbt_server/wins/wins_dns_proxy.c
+++ b/source4/nbt_server/wins/wins_dns_proxy.c
@@ -87,7 +87,7 @@ void nbtd_wins_dns_proxy_query(struct nbt_name_socket *nbtsock,
 	if (resolve_ctx == NULL) goto failed;
 	resolve_context_add_host_method(resolve_ctx);
 
-	creq = resolve_name_send(resolve_ctx, name, iface->nbtsrv->task->event_ctx);
+	creq = resolve_name_send(resolve_ctx, s, name, iface->nbtsrv->task->event_ctx);
 	if (!creq) goto failed;
 
 	creq->async.fn		= nbtd_wins_dns_proxy_handler;
diff --git a/source4/winbind/wb_dom_info_trusted.c b/source4/winbind/wb_dom_info_trusted.c
index 5223b166aa..c3bc754f69 100644
--- a/source4/winbind/wb_dom_info_trusted.c
+++ b/source4/winbind/wb_dom_info_trusted.c
@@ -195,7 +195,7 @@ static void trusted_dom_info_recv_dcname(struct rpc_request *req)
 	if (*state->info->dcs[0].name == '\\') state->info->dcs[0].name++;
 	
 	make_nbt_name(&name, state->info->dcs[0].name, 0x20);
-	ctx = resolve_name_send(lp_resolve_context(state->service->task->lp_ctx), 
+	ctx = resolve_name_send(lp_resolve_context(state->service->task->lp_ctx), state,
 				&name, state->service->task->event_ctx);
 
 	composite_continue(state->ctx, ctx, trusted_dom_info_recv_dcaddr,
-- 
cgit