ctdb-recoverd: Free cluster mutex handler on failure to take lock

If nested events occur while the file descriptor handler is still
active then chaos can ensue.  For example, if a node is banned and the
lock is explicitly cancelled (e.g. due to election loss) then
double-talloc-free()s abound.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 621658cbed5d91d7096fc208bac2ff93a1880e7d)

1 files changed, 10 insertions, 1 deletions

diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 673c99c3d34..20b6e44e7ae 100644
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -897,6 +897,16 @@ static void take_reclock_handler(char status,
 	struct ctdb_recovery_lock_handle *s =
 		(struct ctdb_recovery_lock_handle *) private_data;
 
+	s->locked = (status == '0') ;
+
+	/*
+	 * If unsuccessful then ensure the process has exited and that
+	 * the file descriptor event handler has been cancelled
+	 */
+	if (! s->locked) {
+		TALLOC_FREE(s->h);
+	}
+
 	switch (status) {
 	case '0':
 		s->latency = latency;
@@ -912,7 +922,6 @@ static void take_reclock_handler(char status,
 	}
 
 	s->done = true;
-	s->locked = (status == '0') ;
 }
 
 static bool ctdb_recovery_lock(struct ctdb_recoverd *rec);