authorMartin Schwenke <martin@meltin.net>2020-03-22 13:46:46 +1100
committerKarolin Seeger <kseeger@samba.org>2020-03-30 11:22:26 +0000
commit8159513ac73839a249a8adb059be9dbea9a57681 (patch)
tree746333debd4184742e688cd1a0a88f4c87c2235c /ctdb
parent10592fcd018b770c6ff877b06bedfa7cdd0d88cd (diff)
ctdb-recoverd: Avoid dereferencing NULL rec->nodemap
Inside the nested event loop in ctdb_ctrl_getnodemap(), various asynchronous handlers may dereference rec->nodemap, which will be NULL. One example is lost_reclock_handler(), which causes rec->nodemap to be unconditionally dereferenced in list_of_nodes() via this call chain: list_of_nodes() list_of_active_nodes() set_recovery_mode() force_election() lost_reclock_handler() Instead of attempting to trace all of the cases, just avoid leaving rec->nodemap set to NULL. Attempting to use an old value is generally harmless, especially since it will be the same as the new value in most cases. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14324 Reported-by: Volker Lendecke <vl@samba.org> Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Martin Schwenke <martins@samba.org> Autobuild-Date(master): Tue Mar 24 01:22:45 UTC 2020 on sn-devel-184 (cherry picked from commit 716f52f68b248ae7cfd66479b3fc678c4a0d8b38) Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-11-test): Mon Mar 30 11:22:26 UTC 2020 on sn-devel-184
Diffstat (limited to 'ctdb')
-rw-r--r--ctdb/server/ctdb_recoverd.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 68748aee70c..ef453d4737b 100644
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -2353,13 +2353,13 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec,
pnn = ctdb_get_pnn(ctdb);
/* get nodemap */
- TALLOC_FREE(rec->nodemap);
- ret = ctdb_ctrl_getnodemap(ctdb, CONTROL_TIMEOUT(), pnn, rec, &rec->nodemap);
+ ret = ctdb_ctrl_getnodemap(ctdb, CONTROL_TIMEOUT(), pnn, rec, &nodemap);
if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to get nodemap from node %u\n", pnn));
+ DBG_ERR("Unable to get nodemap from node %"PRIu32"\n", pnn);
return;
}
- nodemap = rec->nodemap;
+ talloc_free(rec->nodemap);
+ rec->nodemap = nodemap;
/* remember our own node flags */
rec->node_flags = nodemap->nodes[pnn].flags;
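Review bot: The ordering at `talloc_free(rec->nodemap); rec->nodemap = nodemap;` is load-bearing but nothing in the code says so, so a later cleanup could move the free back above ctdb_ctrl_getnodemap() and bring back the NULL dereference in handlers that run from its nested event loop. I would add a comment above the call, for example `/* Do not free rec->nodemap before this call: handlers run from its nested event loop and dereference it */`. The dereference in list_of_nodes() named in the description stays unconditional, so the fix still depends on rec->nodemap being non-NULL before the first pass through this code; that initialisation is outside the hunk and worth confirming. On the error return the old map is now kept, which matches the stated intent, but callers then work from stale flags until the next successful fetch. main_loop's body starts and ends outside the hunk.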