When SIGCHLD handling is delayed for some reason, sending a request to a child
can fail early because the child has died already. In this case
async_main_request_sent() directly called the continuation function without
properly removing the malfunctioning child process and the requests in the
queue. The next request would then crash in the DLIST_ADD_END() in
async_request() because the request pending for the child had been
talloc_free()'ed and yet still was referenced in the list.
This one is *old*...
Volker
(cherry picked from commit
8691709626b0d461de91b8fc9d10c730d1f183dd)
+static void async_request_fail(struct winbindd_async_request *state);
static void async_main_request_sent(void *private_data, bool success);
static void async_request_sent(void *private_data, bool success);
static void async_reply_recv(void *private_data, bool success);
static void async_main_request_sent(void *private_data, bool success);
static void async_request_sent(void *private_data, bool success);
static void async_reply_recv(void *private_data, bool success);
state->mem_ctx = mem_ctx;
state->child = child;
state->mem_ctx = mem_ctx;
state->child = child;
+ state->reply_timeout_event = NULL;
state->request = request;
state->response = response;
state->continuation = continuation;
state->request = request;
state->response = response;
state->continuation = continuation;
if (!success) {
DEBUG(5, ("Could not send async request\n"));
if (!success) {
DEBUG(5, ("Could not send async request\n"));
-
- state->response->length = sizeof(struct winbindd_response);
- state->response->result = WINBINDD_ERROR;
- state->continuation(state->private_data, False);
+ async_request_fail(state);