Fix double free in monitor
- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT
This commit is contained in:
parent
db015a65d2
commit
e44e27dae9
61
0004-MONITOR-Fix-double-free.patch
Normal file
61
0004-MONITOR-Fix-double-free.patch
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
From 2aac87a3dfc12ba1187c7045635cac0647d397d9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lukas Slebodnik <lslebodn@redhat.com>
|
||||||
|
Date: Thu, 12 Feb 2015 19:10:34 +0100
|
||||||
|
Subject: [PATCH 4/4] MONITOR: Fix double free
|
||||||
|
|
||||||
|
If kill timer was successfully executed then it will be released by libtevent.
|
||||||
|
So we should not released it in mt_svc_exit_handler for the second time.
|
||||||
|
|
||||||
|
[sssd] [mt_svc_exit_handler] (0x0040): Child [ifp] terminated with signal [9]
|
||||||
|
[sssd] [talloc_log_fn] (0x0010): talloc: access after free error - first free
|
||||||
|
may be at ../tevent_timed.c:351
|
||||||
|
[sssd] [talloc_log_fn] (0x0010): Bad talloc magic value - access after free
|
||||||
|
|
||||||
|
==19129== Invalid read of size 4
|
||||||
|
==19129== at 0x50470CD: talloc_chunk_from_ptr (talloc.c:372)
|
||||||
|
==19129== by 0x50470CD: _talloc_free (talloc.c:1559)
|
||||||
|
==19129== by 0x11086C: mt_svc_exit_handler (monitor.c:2754)
|
||||||
|
==19129== by 0x8AF9B2F: sss_child_invoke_cb (child_common.c:181)
|
||||||
|
==19129== by 0x4E39823: tevent_common_loop_immediate (tevent_immediate.c:135)
|
||||||
|
==19129== by 0x4E3AF4D: poll_event_loop_once (tevent_poll.c:649)
|
||||||
|
==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530)
|
||||||
|
==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677)
|
||||||
|
==19129== by 0x84C4B02: server_loop (server.c:668)
|
||||||
|
==19129== by 0x10D9A6: main (monitor.c:3028)
|
||||||
|
==19129== Address 0xb8a06c0 is 64 bytes inside a block of size 176 free'd
|
||||||
|
==19129== at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
||||||
|
==19129== by 0x50472F2: _talloc_free_internal (talloc.c:1057)
|
||||||
|
==19129== by 0x50472F2: _talloc_free (talloc.c:1581)
|
||||||
|
==19129== by 0x4E3D0A3: tevent_common_loop_timer_delay (tevent_timed.c:351)
|
||||||
|
==19129== by 0x4E3AF59: poll_event_loop_once (tevent_poll.c:653)
|
||||||
|
==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530)
|
||||||
|
==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677)
|
||||||
|
==19129== by 0x84C4B02: server_loop (server.c:668)
|
||||||
|
==19129== by 0x10D9A6: main (monitor.c:3028)
|
||||||
|
|
||||||
|
Resolves:
|
||||||
|
https://fedorahosted.org/sssd/ticket/2572
|
||||||
|
|
||||||
|
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
(cherry picked from commit 373946b540eaa5d97c6efb39629195dbe2a1f015)
|
||||||
|
---
|
||||||
|
src/monitor/monitor.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
|
||||||
|
index afefe7f11c15ad343e8a79dceeff5a89e2787add..f171c05acd2c770ab9ffad2429d92c5041bcdb59 100644
|
||||||
|
--- a/src/monitor/monitor.c
|
||||||
|
+++ b/src/monitor/monitor.c
|
||||||
|
@@ -646,6 +646,9 @@ static void mt_svc_sigkill(struct tevent_context *ev,
|
||||||
|
"[%s][%d] is not responding to SIGTERM. Sending SIGKILL.\n",
|
||||||
|
svc->name, svc->pid);
|
||||||
|
|
||||||
|
+ /* timer was succesfully executed and it will be released by tevent */
|
||||||
|
+ svc->kill_timer = NULL;
|
||||||
|
+
|
||||||
|
ret = kill(svc->pid, SIGKILL);
|
||||||
|
if (ret != EOK) {
|
||||||
|
ret = errno;
|
||||||
|
--
|
||||||
|
2.1.0
|
||||||
|
|
@ -27,7 +27,7 @@
|
|||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 1.12.3
|
Version: 1.12.3
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -39,6 +39,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|||||||
Patch0001: 0001-logrotate-Fix-warning-file-size-changed-while-zippin.patch
|
Patch0001: 0001-logrotate-Fix-warning-file-size-changed-while-zippin.patch
|
||||||
Patch0002: 0002-MAN-dyndns_iface-supports-only-one-interface.patch
|
Patch0002: 0002-MAN-dyndns_iface-supports-only-one-interface.patch
|
||||||
Patch0003: 0003-krb5-fix-entry-order-in-MEMORY-keytab.patch
|
Patch0003: 0003-krb5-fix-entry-order-in-MEMORY-keytab.patch
|
||||||
|
Patch0004: 0004-MONITOR-Fix-double-free.patch
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
Requires: sssd-common = %{version}-%{release}
|
Requires: sssd-common = %{version}-%{release}
|
||||||
@ -886,6 +887,11 @@ if [ $1 -eq 0 ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-5
|
||||||
|
- Fix double free in monitor
|
||||||
|
- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort():
|
||||||
|
sssd killed by SIGABRT
|
||||||
|
|
||||||
* Thu Jan 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-4
|
* Thu Jan 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-4
|
||||||
- Decrease priority of sssd-libwbclient 20 -> 5
|
- Decrease priority of sssd-libwbclient 20 -> 5
|
||||||
- It should be lower than priority of samba veriosn of libwbclient.
|
- It should be lower than priority of samba veriosn of libwbclient.
|
||||||
|
Loading…
Reference in New Issue
Block a user