[SSSD] [PATCH] Fix responders socket cleanup code

Thu, 10 Mar 2016 18:04:46 -0800 

The attached patch fixes #2973,
it's pretty straightforward.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

From 8cfba566ecddfc59e9c07236d28c5cdc62a316cd Mon Sep 17 00:00:00 2001
From: Simo Sorce <s...@redhat.com>
Date: Thu, 10 Mar 2016 20:52:43 -0500
Subject: [PATCH] Responders: Fix client destrcutor

To close a socket associated to an fd event we must set the close
function of the event and not associate a destructor to aparent context.

Otherwise the destructor will close() the socket before the fd event is
freed, and this may cause invalid calls on a closed file descriptor to
poll/epoll/etc.

Discovered by looking at startce output.

Resolves:
https://fedorahosted.org/sssd/ticket/2973
---
 src/responder/common/responder_common.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 3eec66aba6411f20997d868fa71037b68a4722df..deeb4e4c88d2a3bf6ff6be42fa496b11e4b20762 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -70,9 +70,12 @@ static errno_t set_close_on_exec(int fd)
     return EOK;
 }
 
-static int client_destructor(struct cli_ctx *ctx)
+static void client_close_fn(struct tevent_context *ev,
+                            struct tevent_fd *fde, int fd,
+                            void *ptr)
 {
     errno_t ret;
+    struct cli_ctx *ctx = talloc_get_type(ptr, struct cli_ctx);
 
     if ((ctx->cfd > 0) && close(ctx->cfd) < 0) {
         ret = errno;
@@ -84,7 +87,8 @@ static int client_destructor(struct cli_ctx *ctx)
     DEBUG(SSSDBG_TRACE_INTERNAL,
           "Terminated client [%p][%d]\n",
            ctx, ctx->cfd);
-    return 0;
+
+    ctx->cfd = -1;
 }
 
 static errno_t get_client_cred(struct cli_ctx *cctx)
@@ -489,12 +493,11 @@ static void accept_fd_handler(struct tevent_context *ev,
                accept_ctx->is_private ? " on privileged pipe" : "");
         return;
     }
+    tevent_fd_set_close_fn(cctx->cfde, client_close_fn);
 
     cctx->ev = ev;
     cctx->rctx = rctx;
 
-    talloc_set_destructor(cctx, client_destructor);
-
     /* Set up the idle timer */
     ret = reset_idle_timer(cctx);
     if (ret != EOK) {
-- 
2.5.0


_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

Reply via email to