From 137649fc01e6914bbb86a2f5f16c7e03a2fa132d Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 22 Jan 2016 11:44:03 +0200 Subject: [PATCH] s3-parm: clean up defaults when removing global parameters BUG: https://bugzilla.samba.org/show_bug.cgi?id=11693 When globals are re-initialized, they are cleared and globals' talloc context is freed. However, parm_table still contains a reference to the global value in the defaults. This confuses lpcfg_string_free() after commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to free already freed pointer which is passed by lp_save_defaults(): .... case P_STRING: case P_USTRING: lpcfg_string_set(Globals.ctx, &parm_table[i].def.svalue, *(char **)lp_parm_ptr(NULL, &parm_table[i])); .... here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it is a pointer to a value allocated with previous Globals.ctx which already was freed. This specifically affects registry backend of smb.conf in lp_load_ex() where init_globals() called explicitly to re-init globals after lp_save_defaults() if we have registry backend defined. Reviewed-by: Uri Simchoni Signed-off-by: Alexander Bokovoy Autobuild-User(master): Uri Simchoni Autobuild-Date(master): Mon Jan 25 23:58:42 CET 2016 on sn-devel-144
---
 source3/param/loadparm.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 94de252..9bd47dc 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -402,8 +402,25 @@ static void free_parameters_by_snum(int snum)
 */
 static void free_global_parameters(void)
 {
+ uint32_t i;
+ struct parm_struct *parm;
+
 free_param_opts(&Globals.param_opt);
 free_parameters_by_snum(GLOBAL_SECTION_SNUM);
+
+ /* Reset references in the defaults because the context is going to be freed */
+ for (i=0; parm_table[i].label; i++) {
+ parm = &parm_table[i];
+ if ((parm->type == P_STRING) ||
+ (parm->type == P_USTRING)) {
+ if ((parm->def.svalue != NULL) &&
+ (*(parm->def.svalue) != '\0')) {
+ if (talloc_parent(parm->def.svalue) == Globals.ctx) {
+ parm->def.svalue = NULL;
+ }
+ }
+ }
+ }
 TALLOC_FREE(Globals.ctx);
 }
 
-- 
2.5.5
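Review bot: The `(*(parm->def.svalue) != '\0')` test inside the new loop in free_global_parameters() carries an ownership assumption that the comment above the loop does not state: it appears to keep a non-talloc pointer (an empty default) away from `talloc_parent()`, which is only meaningful on talloc memory. Since this loop exists to stop a stale default from being freed a second time, that invariant is worth writing down next to the check, e.g. `/* Empty defaults are assumed not to be talloc memory (see lpcfg_string_set()), so skip them before talloc_parent() */`. The same test means a talloc-allocated empty string owned by Globals.ctx, or any default parented to a child of Globals.ctx rather than to it directly, would still be left dangling after `TALLOC_FREE(Globals.ctx)`. Whether either case can occur is not visible from this hunk and should be confirmed against the code that fills `def.svalue`.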