The Samba-Bugzilla – Attachment 5597 Details for
Bug 7159
client rpc_transport doesn't cope with bad server data returns.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for v3-4
tmp.diff (text/plain), 3.88 KB, created by
Stefan Metzmacher
on 2010-04-06 08:21:58 UTC
(
hide
)
Description:
Patch for v3-4
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2010-04-06 08:21:58 UTC
Size:
3.88 KB
patch
obsolete
>From d30987ab93a33f01cb8c67fb9f9432a058208127 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 6 Apr 2010 12:20:02 +0200 >Subject: [PATCH 1/2] First part of fix for bug #7159 - client rpc_transport doesn't cope with bad server data returns. > >Ensure that subreq is *always* talloc_free'd in the _done >function, as it has an event timeout attached. If the >read requests look longer than the cli->timeout, then >the timeout fn is called with already freed data. > >Jeremy. >(cherry picked from commit ad77ae1d5870e06f8587ecf634e0b6bdcbb950d7) >(similar to commit 6e5b6b5acb30869eb63b25ed1406014101a5e89d) > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source3/rpc_client/rpc_transport_np.c | 4 ++++ > source3/rpc_client/rpc_transport_sock.c | 12 ++++++++++++ > 2 files changed, 16 insertions(+), 0 deletions(-) > >diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c >index 80ff384..fdfbab4 100644 >--- a/source3/rpc_client/rpc_transport_np.c >+++ b/source3/rpc_client/rpc_transport_np.c >@@ -159,6 +159,9 @@ static void rpc_np_read_done(struct async_req *subreq) > NTSTATUS status; > uint8_t *rcvbuf; > >+ /* We must free subreq in this function as there is >+ a timer event attached to it. */ >+ > status = cli_read_andx_recv(subreq, &state->received, &rcvbuf); > /* > * We can't TALLOC_FREE(subreq) as usual here, as rcvbuf still is a >@@ -180,6 +183,7 @@ static void rpc_np_read_done(struct async_req *subreq) > } > > memcpy(state->data, rcvbuf, state->received); >+ TALLOC_FREE(subreq); > async_req_done(req); > } > >diff --git a/source3/rpc_client/rpc_transport_sock.c b/source3/rpc_client/rpc_transport_sock.c >index b1d9d8f..7115dc4 100644 >--- a/source3/rpc_client/rpc_transport_sock.c >+++ b/source3/rpc_client/rpc_transport_sock.c >@@ -76,11 +76,17 @@ static void rpc_sock_read_done(struct tevent_req *subreq) > req->private_data, struct rpc_sock_read_state); > int err; > >+ /* We must free subreq in this function as there is >+ a timer event attached to it. */ >+ > state->received = async_recv_recv(subreq, &err); >+ > if (state->received == -1) { >+ TALLOC_FREE(subreq); > async_req_nterror(req, map_nt_error_from_unix(err)); > return; > } >+ TALLOC_FREE(subreq); > async_req_done(req); > } > >@@ -137,11 +143,17 @@ static void rpc_sock_write_done(struct tevent_req *subreq) > req->private_data, struct rpc_sock_write_state); > int err; > >+ /* We must free subreq in this function as there is >+ a timer event attached to it. */ >+ > state->sent = async_send_recv(subreq, &err); >+ > if (state->sent == -1) { >+ TALLOC_FREE(subreq); > async_req_nterror(req, map_nt_error_from_unix(err)); > return; > } >+ TALLOC_FREE(subreq); > async_req_done(req); > } > >-- >1.6.3.3 > > >From eebb19ca3c4172c7b0c217ca05d328c4a42836e2 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Fri, 19 Feb 2010 14:24:17 -0800 >Subject: [PATCH 2/2] Second part of fix for bug #7159 - client rpc_transport doesn't cope with bad server data returns. > >If server returns zero on a NP read. Report pipe broken. >Prevents client from looping if it thinks there should be >more data. > >Jeremy. >(cherry picked from commit 0055e33dbed0e81548464d01bcf864255bab3159) >(cherry picked from commit f5ca9f84e9b511c2ba7a4280b1997daa441f9877) > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source3/rpc_client/rpc_transport_np.c | 6 ++++++ > 1 files changed, 6 insertions(+), 0 deletions(-) > >diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c >index fdfbab4..4ea361b 100644 >--- a/source3/rpc_client/rpc_transport_np.c >+++ b/source3/rpc_client/rpc_transport_np.c >@@ -182,6 +182,12 @@ static void rpc_np_read_done(struct async_req *subreq) > return; > } > >+ if (state->received == 0) { >+ TALLOC_FREE(subreq); >+ async_req_nterror(req, NT_STATUS_PIPE_BROKEN); >+ return; >+ } >+ > memcpy(state->data, rcvbuf, state->received); > TALLOC_FREE(subreq); > async_req_done(req); >-- >1.6.3.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 7159
:
5401
|
5402
|
5403
| 5597