tsocket: make sure we delete the fd event before calling close()
author Stefan Metzmacher <metze@samba.org>
Mon, 27 Sep 2010 21:57:34 +0000 (23:57 +0200)
committer Stefan Metzmacher <metze@samba.org>
Mon, 4 Oct 2010 14:05:15 +0000 (14:05 +0000)
We got random double free errors when getting events from
epoll_wait() and trying to dereference the private talloc pointer
attached to it.

Before doing the close() in the tstream_disconnect_send() function
we need to delete the fd event.

commit 38f505530ba06323a56c7d3914630efffcd12629 only fixed it for
tdgram sockets.

metze

lib/tsocket/tsocket_bsd.c

index 6fb1535ea0da27e346676cfc630b805697ee8eb3..bc7cfe3fe9e24aad603be171b79c3d6a0814d150 100644 (file)
@@ -1895,6 +1895,7 @@ static struct tevent_req *tstream_bsd_disconnect_send(TALLOC_CTX *mem_ctx,
                goto post;
        }
 
                goto post;
        }
 
+       TALLOC_FREE(bsds->fde);
        ret = close(bsds->fd);
        bsds->fd = -1;
        err = tsocket_bsd_error_from_errno(ret, errno, &dummy);
        ret = close(bsds->fd);
        bsds->fd = -1;
        err = tsocket_bsd_error_from_errno(ret, errno, &dummy);
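Review bot: the new TALLOC_FREE(bsds->fde) directly above ret = close(bsds->fd) relies on an ordering that nothing in the code states, so a later cleanup could move or drop it again. Add a short comment above it saying the fd event has to be removed before the descriptor is closed, because otherwise epoll_wait() can still return an event for it and the private talloc pointer attached to that event gets dereferenced, which is the double free the commit message describes. Since the commit message says the same fix was already needed separately for tdgram sockets, consider a small shared helper that frees the fde and then closes the fd, so the two steps cannot be separated in either code path.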