git.samba.org - samba.git/commit

author	Martin Schwenke <martin@meltin.net>
	Tue, 30 Aug 2016 22:29:13 +0000 (08:29 +1000)
committer	Amitay Isaacs <amitay@samba.org>
	Thu, 1 Sep 2016 11:30:10 +0000 (13:30 +0200)
commit	9d975b860d52030a702723c70791c6a2829107c0
tree	804f93e25ce4a5acc456d95e8e9e50cea459c3e6	tree
parent	582518c7e89b279e34147bdb0b04b73056fac048	commit \| diff

ctdb-daemon: Don't steal control structure before synchronous reply

If *async_reply isn't set then the calling code will reply to the
control and free the control structure.  In some places the control
structure pointer is stolen onto state before a synchronous exit due
to an error condition.  The error handling then frees state and
returns an error.  The calling code will access-after-free when trying
to reply to the control.

To make this easier to understand, the convention is that any
(immediate) error results in a synchronous reply to the control via an
error return code AND *async_reply not being set.  In this case the
control structure pointer should never be stolen onto state.  State is
never used for a synchronous reply, it is only ever used by a
callback.

Also initialise state->c to NULL so that any premature call to a
callback (e.g. in an immediate error path) is more obvious.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb/server/ctdb_takeover.c		diff \| blob \| history
ctdb/server/eventscript.c		diff \| blob \| history