summaryrefslogtreecommitdiff
path: root/source4/smbd
diff options
context:
space:
mode:
authorGarming Sam <garming@catalyst.net.nz>2017-06-09 14:13:25 +1200
committerGarming Sam <garming@samba.org>2017-06-15 01:24:25 +0200
commit2f045e7fc147aab2a4c7f356f0ce834f47cdff42 (patch)
treef7a36d5c5f58bda082b8ece4595bee9f5fc956e9 /source4/smbd
parentb158f6832358be01f71d93111aa789d7941a835e (diff)
downloadsamba-2f045e7fc147aab2a4c7f356f0ce834f47cdff42.tar.gz
stream_terminate_connection: Prevent use-after-free
This sometimes would show up as corrupted bytes during logs. Hammering the LDAP server enough times managed to trigger an outright segfault. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/smbd')
-rw-r--r--source4/smbd/service_stream.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c
index bda28ad26f8..917a1876e07 100644
--- a/source4/smbd/service_stream.c
+++ b/source4/smbd/service_stream.c
@@ -55,6 +55,7 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char
struct tevent_context *event_ctx = srv_conn->event.ctx;
const struct model_ops *model_ops = srv_conn->model_ops;
struct loadparm_context *lp_ctx = srv_conn->lp_ctx;
+ TALLOC_CTX *frame = NULL;
if (!reason) reason = "unknown reason";
@@ -77,11 +78,20 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char
return;
}
+ frame = talloc_stackframe();
+
+ reason = talloc_strdup(frame, reason);
+ if (reason == NULL) {
+ reason = "OOM - unknown reason";
+ }
+
talloc_free(srv_conn->event.fde);
srv_conn->event.fde = NULL;
imessaging_cleanup(srv_conn->msg_ctx);
TALLOC_FREE(srv_conn);
model_ops->terminate(event_ctx, lp_ctx, reason);
+
+ TALLOC_FREE(frame);
}
/**
View Lorry Controller Status