From 2558c15beb094ea6b6804b1db0a3f231738815e1 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Fri, 27 Mar 2020 19:52:26 +0100 Subject: [PATCH] s3:rpc_server: Fix talloc_free() with references error on server exit Fixes talloc_free() with references when smbd exists and talloc_free the global dcesrv context: ERROR: talloc_free with references at ../../source3/rpc_server/rpc_config.c:73 reference at ../../source3/rpc_server/rpc_server.c:193 reference at ../../source3/rpc_server/rpc_server.c:592 ... The talloc_reference to make the dcerpc_ncacn_listen_state a parent of the dcesrv context is not necessary as the listen state is allocated under the endpoint, which is allocated under the dcesrv context: full talloc report on 'struct dcesrv_context' (total 12298 bytes in 188 blocks) ... struct dcesrv_endpoint contains 691 bytes in 11 blocks (ref 0) 0x55ae964d79a0 struct dcerpc_ncacn_listen_state contains 160 bytes in 2 blocks (ref 0) 0x55ae964fca60 struct tevent_fd contains 104 bytes in 1 blocks (ref 0) 0x55ae964f36f0 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964e8a40 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964e8ac0 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964e8870 ../../librpc/rpc/dcesrv_core.c:327 contains 104 bytes in 1 blocks (ref 0) 0x55ae964e8970 struct dcerpc_binding contains 108 bytes in 2 blocks (ref 0) 0x55ae964e87a0 \pipe\lsass contains 12 bytes in 1 blocks (ref 0) 0x55ae964e88f0 struct dcerpc_binding contains 111 bytes in 2 blocks (ref 0) 0x55ae964e86d0 \pipe\netlogon contains 15 bytes in 1 blocks (ref 0) 0x55ae964e8650 ... struct dcesrv_endpoint contains 1728 bytes in 27 blocks (ref 0) 0x55ae964e0db0 struct dcerpc_ncacn_listen_state contains 160 bytes in 2 blocks (ref 0) 0x55ae964fd540 struct tevent_fd contains 104 bytes in 1 blocks (ref 0) 0x55ae964f3890 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964fbd70 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964f67a0 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964fff60 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964f66c0 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964eb8b0 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964eba00 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964eb200 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964eb350 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964eab70 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964eabf0 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964ea360 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964ea4b0 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964e9cb0 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964e9e00 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964e96a0 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964e97f0 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964e8430 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964e8580 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964e6250 ../../librpc/rpc/dcesrv_core.c:360 contains 104 bytes in 1 blocks (ref 0) 0x55ae964e8070 struct dcesrv_if_list contains 128 bytes in 2 blocks (ref 0) 0x55ae964e7e50 ../../librpc/rpc/dcesrv_core.c:327 contains 104 bytes in 1 blocks (ref 0) 0x55ae964e7fa0 struct dcerpc_binding contains 104 bytes in 2 blocks (ref 0) 0x55ae964e7ed0 DEFAULT contains 8 bytes in 1 blocks (ref 0) 0x55ae964eaa10 .... Signed-off-by: Samuel Cabrero Reviewed-by: Andrew Bartlet Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Apr 1 10:28:43 UTC 2020 on sn-devel-184 --- source3/rpc_server/rpc_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index 60175575018..d34f85538cd 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -190,7 +190,7 @@ NTSTATUS dcesrv_setup_ncacn_np_socket(struct tevent_context *ev_ctx, state->ev_ctx = ev_ctx; state->msg_ctx = msg_ctx; state->endpoint = e; - state->dce_ctx = talloc_reference(state, dce_ctx); + state->dce_ctx = dce_ctx; state->termination_fn = term_fn; state->termination_data = term_data; @@ -368,7 +368,7 @@ NTSTATUS dcesrv_setup_ncacn_ip_tcp_socket(struct tevent_context *ev_ctx, state->ev_ctx = ev_ctx; state->msg_ctx = msg_ctx; state->endpoint = e; - state->dce_ctx = talloc_reference(state, dce_ctx); + state->dce_ctx = dce_ctx; state->termination_fn = term_fn; state->termination_data = term_data; @@ -589,7 +589,7 @@ NTSTATUS dcesrv_setup_ncalrpc_socket(struct tevent_context *ev_ctx, state->fd = -1; state->ev_ctx = ev_ctx; state->msg_ctx = msg_ctx; - state->dce_ctx = talloc_reference(state, dce_ctx); + state->dce_ctx = dce_ctx; state->endpoint = e; state->termination_fn = term_fn; state->termination_data = termination_data;