This code is the same in 3.0.x winbindd.

From commit commit 5a270bc99f52483f168d662d843672d05be74473
	Author: Gerald W. Carter <jerry@samba.org>

    Winbind: Prevent cycle in children list when reaping dead child processes.

    Thanks to Glenn Curtis and Kyle Stemen @ Likewise.  Their explanation is:

        In winbindd_dual.c, there is a list of children processes that
        is maintained using macros DTLIST_ADD and DTLIST_REMOVE. In the
        case when a scheduled_async_request fails, the particular child
        was located in the list, and its attributes were cleared out
        and it was reused for a subsequent async request. The bug was that
        the new request would queue the same node into the doubly-linked
        list and would result in list->next pointing to the same node as
        list itself. This would set up an infinite loop in the processing of
        the for loop when the list of children was referenced.

        Solution was to fully remove the child node from the list, such that
        it could be inserted without risk of being inserted twice.

    Note that the child is re-added to the list in fork_domain_child() again.
Jeremy.

1 files changed, 4 insertions, 0 deletions

diff --git a/source/nsswitch/winbindd_dual.c b/source/nsswitch/winbindd_dual.c
index 7df630d6f93..e0581100b1c 100644
--- a/source/nsswitch/winbindd_dual.c
+++ b/source/nsswitch/winbindd_dual.c
@@ -527,6 +527,10 @@ void winbind_child_died(pid_t pid)
 		return;
 	}
 
+	/* This will be re-added in fork_domain_child() */
+
+	DLIST_REMOVE(children, child);
+	
 	remove_fd_event(&child->event);
 	close(child->event.fd);
 	child->event.fd = 0;