diff options
Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/common/responder.h | 2 | ||||
-rw-r--r-- | src/responder/common/responder_common.c | 15 | ||||
-rw-r--r-- | src/responder/common/responder_dp.c | 8 |
3 files changed, 25 insertions, 0 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 5bab0d3c..2903aac0 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -104,6 +104,8 @@ struct resp_ctx { char *default_domain; void *pvt_ctx; + + bool shutting_down; }; struct cli_ctx { diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 4fa81909..d9f73fe2 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -716,6 +716,18 @@ failed: return EIO; } +static int sss_responder_ctx_destructor(void *ptr) +{ + struct resp_ctx *rctx = talloc_get_type(ptr, struct resp_ctx); + + /* mark that we are shutting down the responder, so it is propagated + * into underlying contexts that are freed right before rctx */ + DEBUG(SSSDBG_TRACE_FUNC, ("Responder is being shut down\n")); + rctx->shutting_down = true; + + return 0; +} + int sss_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb, @@ -745,6 +757,9 @@ int sss_process_init(TALLOC_CTX *mem_ctx, rctx->sock_name = sss_pipe_name; rctx->priv_sock_name = sss_priv_pipe_name; rctx->confdb_service_path = confdb_service_path; + rctx->shutting_down = false; + + talloc_set_destructor((TALLOC_CTX*)rctx, sss_responder_ctx_destructor); ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path, CONFDB_RESPONDER_CLI_IDLE_TIMEOUT, diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c index ca9cb834..34fc9f34 100644 --- a/src/responder/common/responder_dp.c +++ b/src/responder/common/responder_dp.c @@ -76,6 +76,14 @@ static int sss_dp_req_destructor(void *ptr) sdp_req->pending_reply = NULL; } + /* Do not call callbacks if the responder is shutting down, because + * the top level responder context (pam_ctx, sudo_ctx, ...) may be + * already semi-freed and we may end up accessing freed memory. + */ + if (sdp_req->rctx->shutting_down) { + return 0; + } + /* If there are callbacks that haven't been invoked, return * an error now. */ |