diff options
author | Garming Sam <garming@catalyst.net.nz> | 2017-06-09 14:13:25 +1200 |
---|---|---|
committer | Garming Sam <garming@samba.org> | 2017-06-15 01:24:25 +0200 |
commit | 2f045e7fc147aab2a4c7f356f0ce834f47cdff42 (patch) | |
tree | f7a36d5c5f58bda082b8ece4595bee9f5fc956e9 /source4/smbd | |
parent | b158f6832358be01f71d93111aa789d7941a835e (diff) | |
download | samba-2f045e7fc147aab2a4c7f356f0ce834f47cdff42.tar.gz |
stream_terminate_connection: Prevent use-after-free
This sometimes would show up as corrupted bytes during logs. Hammering
the LDAP server enough times managed to trigger an outright segfault.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/smbd')
-rw-r--r-- | source4/smbd/service_stream.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c index bda28ad26f8..917a1876e07 100644 --- a/source4/smbd/service_stream.c +++ b/source4/smbd/service_stream.c @@ -55,6 +55,7 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char struct tevent_context *event_ctx = srv_conn->event.ctx; const struct model_ops *model_ops = srv_conn->model_ops; struct loadparm_context *lp_ctx = srv_conn->lp_ctx; + TALLOC_CTX *frame = NULL; if (!reason) reason = "unknown reason"; @@ -77,11 +78,20 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char return; } + frame = talloc_stackframe(); + + reason = talloc_strdup(frame, reason); + if (reason == NULL) { + reason = "OOM - unknown reason"; + } + talloc_free(srv_conn->event.fde); srv_conn->event.fde = NULL; imessaging_cleanup(srv_conn->msg_ctx); TALLOC_FREE(srv_conn); model_ops->terminate(event_ctx, lp_ctx, reason); + + TALLOC_FREE(frame); } /** |