summaryrefslogtreecommitdiff
path: root/src/responder
diff options
context:
space:
mode:
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/common/responder.h2
-rw-r--r--src/responder/common/responder_common.c15
-rw-r--r--src/responder/common/responder_dp.c8
3 files changed, 25 insertions, 0 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 5bab0d3c..2903aac0 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -104,6 +104,8 @@ struct resp_ctx {
char *default_domain;
void *pvt_ctx;
+
+ bool shutting_down;
};
struct cli_ctx {
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 4fa81909..d9f73fe2 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -716,6 +716,18 @@ failed:
return EIO;
}
+static int sss_responder_ctx_destructor(void *ptr)
+{
+ struct resp_ctx *rctx = talloc_get_type(ptr, struct resp_ctx);
+
+ /* mark that we are shutting down the responder, so it is propagated
+ * into underlying contexts that are freed right before rctx */
+ DEBUG(SSSDBG_TRACE_FUNC, ("Responder is being shut down\n"));
+ rctx->shutting_down = true;
+
+ return 0;
+}
+
int sss_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb,
@@ -745,6 +757,9 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
rctx->sock_name = sss_pipe_name;
rctx->priv_sock_name = sss_priv_pipe_name;
rctx->confdb_service_path = confdb_service_path;
+ rctx->shutting_down = false;
+
+ talloc_set_destructor((TALLOC_CTX*)rctx, sss_responder_ctx_destructor);
ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path,
CONFDB_RESPONDER_CLI_IDLE_TIMEOUT,
diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c
index ca9cb834..34fc9f34 100644
--- a/src/responder/common/responder_dp.c
+++ b/src/responder/common/responder_dp.c
@@ -76,6 +76,14 @@ static int sss_dp_req_destructor(void *ptr)
sdp_req->pending_reply = NULL;
}
+ /* Do not call callbacks if the responder is shutting down, because
+ * the top level responder context (pam_ctx, sudo_ctx, ...) may be
+ * already semi-freed and we may end up accessing freed memory.
+ */
+ if (sdp_req->rctx->shutting_down) {
+ return 0;
+ }
+
/* If there are callbacks that haven't been invoked, return
* an error now.
*/
generated by cgit (git 2.34.1) at 2024-11-25 16:48:59 +0000