[SCM] Samba Shared Repository - branch master updated - 14f835ba4b7e553d0cd75f3b311378c5c875e87c

Wed, 08 Oct 2008 11:40:10 -0700 

The branch, master has been updated
       via  14f835ba4b7e553d0cd75f3b311378c5c875e87c (commit)
      from  be63f86ce7029b0a4efbe1478cc16189b5d26aec (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 14f835ba4b7e553d0cd75f3b311378c5c875e87c
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date:   Wed Oct 8 11:39:32 2008 -0700

    Fix bug #5814 - Winbindd dumping core in a strange manner while doing 
"rescan_trusted_domain".
    From analysis by hargagan <[EMAIL PROTECTED]> :
    "The winbindd_child_died() is also getting called from process_loop() in 
case of
    SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for
    the first request. It then initiate a new request using
    schedule_async_request() which installs a new timeout handler for the same
    request. In such a case, for a badly unresponsive system both the timeout
    handler can be called. For the first call the "private_data" will be cleared
    and for another call the timeout handler will be detecting the double free. 
So,
    for such a case as well, the winbindd_child_died() should make the
    timeout_handler to NULL."
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_dual.c |   23 +++++++++++++++++++++++
 1 files changed, 23 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index f6a9c1f..aeb52d9 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -300,6 +300,18 @@ static void schedule_async_request(struct winbindd_child 
*child)
                return;         /* Busy */
        }
 
+       /*
+        * This may be a reschedule, so we might
+        * have an existing timeout event pending on
+        * the first entry in the child->requests list
+        * (we only send one request at a time).
+        * Ensure we free it before we reschedule.
+        * Bug #5814, from hargagan <[EMAIL PROTECTED]>.
+        * JRA.
+        */
+
+       TALLOC_FREE(request->reply_timeout_event);
+
        if ((child->pid == 0) && (!fork_domain_child(child))) {
                /* fork_domain_child failed.
                   Cancel all outstanding requests */
@@ -495,6 +507,17 @@ void winbind_child_died(pid_t pid)
        child->event.flags = 0;
        child->pid = 0;
 
+       if (child->requests) {
+               /*
+                * schedule_async_request() will also
+                * clear this event but the call is
+                * idempotent so it doesn't hurt to
+                * cover all possible future code
+                * paths. JRA.
+                */
+               TALLOC_FREE(child->requests->reply_timeout_event);
+       }
+
        schedule_async_request(child);
 }
 


-- 
Samba Shared Repository

Reply via email to