The Samba-Bugzilla – Attachment 10922 Details for
Bug 11180
Samba standard process model closes random files when forking more than once
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.1, cherry-picked from master
bug-11180.v4-1.patch (text/plain), 2.46 KB, created by
Michael Adam
on 2015-03-31 13:50:53 UTC
(
hide
)
Description:
Patch for 4.1, cherry-picked from master
Filename:
MIME Type:
Creator:
Michael Adam
Created:
2015-03-31 13:50:53 UTC
Size:
2.46 KB
patch
obsolete
>From f4507ea7b83b499c0c0af20ef1ec6a17e5aa606a Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 26 Mar 2015 10:48:31 +0100 >Subject: [PATCH] s4-process_model: Do not close random fds while forking. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11180 > >The issue has been found with nss_wrapper debug output running: > samba4.ntvfs.cifs.krb5.base.lock > >In the case here, we fork a child and close the fd without resetting >the pipe fd variable. Then the fd was used to open the nss_wrapper >hosts file which got the same fd. We forked again in the process model >called close() on the re-used fd (of the pipe variable) again without >nss_wrapper noticing. Now Samba opened the secrets tdb and got >the same fd as nss_wrapper was using for the hosts file and next >nss_wrapper tried to parse a TDB ... > >Pair-Programmed-With: Michael Adam <obnox@samba.org> >Signed-off-by: Andreas Schneider <asn@samba.org> >Signed-off-by: Michael Adam <obnox@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit f75182841d4a7d63bd070022270926e324631fa9) >--- > source4/smbd/process_standard.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > >diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c >index c5377b3..cbc63b6 100644 >--- a/source4/smbd/process_standard.c >+++ b/source4/smbd/process_standard.c >@@ -34,7 +34,7 @@ NTSTATUS process_model_standard_init(void); > /* we hold a pipe open in the parent, and the any child > processes wait for EOF on that pipe. This ensures that > children die when the parent dies */ >-static int child_pipe[2]; >+static int child_pipe[2] = { -1, -1 }; > > /* > called when the process model is selected >@@ -112,7 +112,10 @@ static void standard_accept_connection(struct tevent_context *ev, > > tevent_add_fd(ev, ev, child_pipe[0], TEVENT_FD_READ, > standard_pipe_handler, NULL); >- close(child_pipe[1]); >+ if (child_pipe[1] != -1) { >+ close(child_pipe[1]); >+ child_pipe[1] = -1; >+ } > > /* Ensure that the forked children do not expose identical random streams */ > set_need_random_reseed(); >@@ -170,7 +173,10 @@ static void standard_new_task(struct tevent_context *ev, > > tevent_add_fd(ev, ev, child_pipe[0], TEVENT_FD_READ, > standard_pipe_handler, NULL); >- close(child_pipe[1]); >+ if (child_pipe[1] != -1) { >+ close(child_pipe[1]); >+ child_pipe[1] = -1; >+ } > > /* Ensure that the forked children do not expose identical random streams */ > set_need_random_reseed(); >-- >2.1.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
obnox
:
review+
asn
:
review+
Actions:
View
Attachments on
bug 11180
:
10921
| 10922