From 0d096931196524a2d1bf59470bc629dc9231131e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Sat, 31 Dec 2022 01:24:57 +0100
Subject: [PATCH] s4:lib/messaging: fix interaction between imessaging_context_destructor and irpc_destructor
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15280
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
---
 source4/lib/messaging/messaging.c | 13 +++++++++++++
 source4/lib/messaging/messaging_internal.h | 3 +++
 2 files changed, 16 insertions(+)
diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c
index 3705ffc5bef..3a9dccc1d48 100644
--- a/source4/lib/messaging/messaging.c
+++ b/source4/lib/messaging/messaging.c
@@ -48,6 +48,7 @@
 a pending irpc call
 */
 struct irpc_request {
+ struct irpc_request *prev, *next;
 struct imessaging_context *msg_ctx;
 int callid;
 struct {
@@ -400,6 +401,16 @@ NTSTATUS imessaging_process_cleanup(
 static int imessaging_context_destructor(struct imessaging_context *msg)
 {
+ struct irpc_request *irpc = NULL;
+ struct irpc_request *next = NULL;
+
+ for (irpc = msg->requests; irpc != NULL; irpc = next) {
+ next = irpc->next;
+
+ DLIST_REMOVE(msg->requests, irpc);
+ irpc->callid = -1;
+ }
+
 DLIST_REMOVE(msg_ctxs, msg);
 TALLOC_FREE(msg->msg_dgm_ref);
 return 0;
@@ -1035,6 +1046,7 @@ failed:
 static int irpc_destructor(struct irpc_request *irpc)
 {
 if (irpc->callid != -1) {
+ DLIST_REMOVE(irpc->msg_ctx->requests, irpc);
 idr_remove(irpc->msg_ctx->idr, irpc->callid);
 if (irpc->msg_ctx->discard_incoming) {
 SMB_ASSERT(irpc->msg_ctx->num_incoming_listeners > 0);
@@ -1238,6 +1250,7 @@ static struct tevent_req *irpc_bh_raw_call_send(TALLOC_CTX *mem_ctx,
 /* make sure we accept incoming messages */
 SMB_ASSERT(state->irpc->msg_ctx->num_incoming_listeners < UINT64_MAX);
 state->irpc->msg_ctx->num_incoming_listeners += 1;
+ DLIST_ADD_END(state->irpc->msg_ctx->requests, state->irpc);
 talloc_set_destructor(state->irpc, irpc_destructor);
 /* setup the header */
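Review bot: `irpc->msg_ctx` is left pointing at the context being freed after the new loop in imessaging_context_destructor (the @@ -400 hunk) detaches each request, so the `irpc->callid = -1` sentinel is the only thing that keeps irpc_destructor (the @@ -1035 hunk) from touching freed memory when the request is torn down later. That invariant is not written down anywhere in the patch; I would add `/* context is going away: mark the request so irpc_destructor skips msg_ctx */` above the assignment. It may also be worth clearing the pointer with `irpc->msg_ctx = NULL;` so that any other reader fails on a NULL dereference instead of a stale one, provided no remaining path reads it after teardown; those paths are outside the hunks shown. Whether the callers of the detached requests are ever completed with an error is likewise not visible here.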
diff --git a/source4/lib/messaging/messaging_internal.h b/source4/lib/messaging/messaging_internal.h
index ac254c22631..6281bda82a9 100644
--- a/source4/lib/messaging/messaging_internal.h
+++ b/source4/lib/messaging/messaging_internal.h
@@ -19,6 +19,8 @@
 along with this program. If not, see .
 */
+struct irpc_request;
+
 struct imessaging_context {
 struct imessaging_context *prev, *next;
 struct tevent_context *ev;
@@ -30,6 +32,7 @@ struct imessaging_context {
 struct idr_context *dispatch_tree;
 struct irpc_list *irpc;
 struct idr_context *idr;
+ struct irpc_request *requests;
 struct server_id_db *names;
 struct timeval start_time;
 void *msg_dgm_ref;
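Review bot: The new `requests` member added in the @@ -30 hunk has no comment saying what it links or how entries leave the list, although messaging.c now maintains it from three places. A one-line comment such as `/* pending irpc_request list; entries unlink in irpc_destructor or are detached by imessaging_context_destructor */` would record the lifetime rule next to the field. The definition of struct imessaging_context starts and ends outside the hunk.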