mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
9e84872ecd
Wolfgang saw a talloc complaint about using freed memory in ctdb_tcp_read_cb. His fix was to remove the talloc_free() in that function, which causes loops when a socket is closed (as it does not get removed from the event system), eg: netcat 192.168.1.2 4379 < /dev/null The real bug is that when we have more than one pending packet in the queue, we loop calling the callback without any safeguards should that callback free the queue (as it tends to do on invalid packets). This can be reproduced by sending more than one bogus packet at once: # Length word at start: 4 == empty packet (assumed little endian) /usr/bin/printf \\4\\0\\0\\0\\4\\0\\0\\0 > /tmp/pkt netcat 192.168.1.2 4379 < /tmp/pkt Using a destructor we can check if the callback frees us, and exit immediately. Elsewhere, we return after the callback anyway. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (This used to be ctdb commit 4d0523dd94fb07e860b3e8118691f93d1ef8d0fa) |
||
---|---|---|
.. | ||
cmdline.c | ||
ctdb_io.c | ||
ctdb_logging.c | ||
ctdb_ltdb.c | ||
ctdb_message.c | ||
ctdb_util.c | ||
rb_tree.c | ||
rb_tree.h | ||
system_aix.c | ||
system_common.c | ||
system_linux.c |