sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-27 14:04:05 +03:00
Code

tdb: fix recovery reuse after crash

Browse Source 
If a process (or the machine) dies after just after writing the
recovery head (pointing at the end of file), the recovery record will filled
with 0x42.  This will not invoke a recovery on open, since rec.magic
!= TDB_RECOVERY_MAGIC.

Unfortunately, the first transaction commit will happily reuse that
area: tdb_recovery_allocate() doesn't check the magic.  The recovery
record has length 0x42424242, and it writes that back into the
now-valid-looking transaction header) for the next comer (which
happens to be tdb_wipe_all in my tests).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2010-02-04 23:59:54 +10:30
parent 6269cdcd15
commit b37b452cb8
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/tdb/common/transaction.c
View File

@ -695,10 +695,16 @@ static int tdb_recovery_allocate(struct tdb_context *tdb,
rec.rec_len = 0;
if (recovery_head != 0 &&
methods->tdb_read(tdb, recovery_head, &rec, sizeof(rec), DOCONV()) == -1) {
TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_recovery_allocate: failed to read recovery record\n"));
return -1;
if (recovery_head != 0) {
if (methods->tdb_read(tdb, recovery_head, &rec, sizeof(rec), DOCONV()) == -1) {
TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_recovery_allocate: failed to read recovery record\n"));
return -1;
}
/* ignore invalid recovery regions: can happen in crash */
if (rec.magic != TDB_RECOVERY_MAGIC &&
rec.magic != TDB_RECOVERY_INVALID_MAGIC) {
recovery_head = 0;
}
}
*recovery_size = tdb_recovery_size(tdb);