Fix bug #1300038
PANIC: Bad talloc magic value - wrong talloc version used/mixed
This commit is contained in:
Alexander Bokovoy
parent
ba253b85dc
commit
196c353d92
@ -0,0 +1,65 @@
|
||||
From d8a03eeab8ece3d9001b087fc658272174f92a25 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Bokovoy <ab@samba.org>
|
||||
Date: Fri, 22 Jan 2016 11:44:03 +0200
|
||||
Subject: [PATCH] s3-parm: clean up defaults when removing global parameters
|
||||
|
||||
When globals are re-initialized, they are cleared and globals' talloc
|
||||
context is freed. However, parm_table still contains a reference to the
|
||||
global value in the defaults. This confuses lpcfg_string_free() after
|
||||
commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to
|
||||
free already freed pointer which is passed by lp_save_defaults():
|
||||
|
||||
....
|
||||
case P_STRING:
|
||||
case P_USTRING:
|
||||
lpcfg_string_set(Globals.ctx,
|
||||
&parm_table[i].def.svalue,
|
||||
*(char **)lp_parm_ptr(NULL, &parm_table[i]));
|
||||
....
|
||||
|
||||
here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it
|
||||
is a pointer to a value allocated with previous Globals.ctx which
|
||||
already was freed.
|
||||
|
||||
This specifically affects registry backend of smb.conf in lp_load_ex()
|
||||
where init_globals() called explicitly to re-init globals after
|
||||
lp_save_defaults() if we have registry backend defined.
|
||||
|
||||
Signed-off-by: Alexander Bokovoy <ab@samba.org>
|
||||
---
|
||||
source3/param/loadparm.c | 17 +++++++++++++++++
|
||||
1 file changed, 17 insertions(+)
|
||||
|
||||
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
|
||||
index 9f4a2b4..f8ecab7 100644
|
||||
--- a/source3/param/loadparm.c
|
||||
+++ b/source3/param/loadparm.c
|
||||
@@ -399,8 +399,25 @@ static void free_parameters_by_snum(int snum)
|
||||
*/
|
||||
static void free_global_parameters(void)
|
||||
{
|
||||
+ uint32_t i;
|
||||
+ struct parm_struct *parm;
|
||||
+
|
||||
free_param_opts(&Globals.param_opt);
|
||||
free_parameters_by_snum(GLOBAL_SECTION_SNUM);
|
||||
+
|
||||
+ /* Reset references in the defaults because the context is going to be freed */
|
||||
+ for (i=0; parm_table[i].label; i++) {
|
||||
+ parm = &parm_table[i];
|
||||
+ if ((parm->type == P_STRING) ||
|
||||
+ (parm->type == P_USTRING)) {
|
||||
+ if ((parm->def.svalue != NULL) &&
|
||||
+ (*(parm->def.svalue) != '\0')) {
|
||||
+ if (talloc_parent(parm->def.svalue) == Globals.ctx) {
|
||||
+ parm->def.svalue = NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
TALLOC_FREE(Globals.ctx);
|
||||
}
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
# ctdb is enabled by default, you can disable it with: --without clustering
|
||||
%bcond_without clustering
|
||||
|
||||
%define main_release 0
|
||||
%define main_release 1
|
||||
|
||||
%define samba_version 4.3.4
|
||||
%define talloc_version 2.1.3
|
||||
@ -107,6 +107,8 @@ Source6: samba.pamd
|
||||
Source200: README.dc
|
||||
Source201: README.downgrade
|
||||
|
||||
Patch1: samba-4.3-s3-parm-clean-up-defaults-when-removing-global-param.patch
|
||||
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
|
||||
Requires(pre): /usr/sbin/groupadd
|
||||
@ -670,6 +672,7 @@ and use CTDB instead.
|
||||
|
||||
%prep
|
||||
%setup -q -n samba-%{version}%{pre_release}
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
%global _talloc_lib ,talloc,pytalloc,pytalloc-util
|
||||
@ -1978,6 +1981,9 @@ rm -rf %{buildroot}
|
||||
%endif # with_clustering_support
|
||||
|
||||
%changelog
|
||||
* Fri Jan 22 2016 Alexander Bokovoy <abokovoy@redhat.com> - 4.3.4-1
|
||||
- resolves: #1300038 - PANIC: Bad talloc magic value - wrong talloc version used/mixed
|
||||
|
||||
* Tue Jan 12 2016 Guenther Deschner <gdeschner@redhat.com> - 4.3.4-0
|
||||
- resolves: #1261230 - Update to Samba 4.3.4
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user