From c7a9b879db33ebb186575fb40eb6de8ab17489eb Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 10 Nov 2011 14:43:55 +0100
Subject: [PATCH] libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593)
After a calling any wrapper of tevent_req_notify_callback(), e.g. tevent_req_nterror(), tevent_req_done(), tevent_req_nomem(), a function has to return immediately otherwise it is very likely to crash. metze (similar to commit 17f1a97a614db4ed8292544988cb6a6cf56621d8)
---
 libcli/cldap/cldap.c | 10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c
index 363ffbd..aa34a6d 100644
--- a/libcli/cldap/cldap.c
+++ b/libcli/cldap/cldap.c
@@ -273,12 +273,9 @@ static bool cldap_socket_recv_dgram(struct cldap_socket *c,
 DLIST_REMOVE(c->searches.list, search);
- if (!cldap_recvfrom_setup(c)) {
- goto nomem;
- }
+ cldap_recvfrom_setup(c);
 tevent_req_done(search->req);
- talloc_free(in);
 return true;
 nomem:
@@ -286,6 +283,7 @@ nomem:
 error:
 status = map_nt_error_from_unix(in->recv_errno);
 nterror:
+ TALLOC_FREE(in);
 /* in connected mode the first pending search gets the error */
 if (!c->connected) {
 /* otherwise we just ignore the error */
@@ -294,9 +292,11 @@ nterror:
 if (!c->searches.list) {
 goto done;
 }
+ cldap_recvfrom_setup(c);
 tevent_req_nterror(c->searches.list->req, status);
+ return true;
 done:
- talloc_free(in);
+ TALLOC_FREE(in);
 return false;
 }
-- 
1.7.4.1
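Review bot: The result of `cldap_recvfrom_setup(c)` is now discarded, here and again in the third hunk just before `tevent_req_nterror()`. The removed lines tested that result and jumped to `nomem`, so the call can fail; if it does, nothing visible re-arms the receive on this socket, and later replies would sit unread until the pending searches time out (inferred, since the helper's body is not in the diff). Ignoring the failure may well be correct once the search has been taken off the list, but the code should say so, for example `/* failure ignored on purpose: the reply is already matched to its search */`, or log it at a debug level. cldap_socket_recv_dgram() starts above this hunk and continues below it.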
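Review bot: The `TALLOC_FREE(in)` added at `nterror:` is followed by `goto done` paths that reach a second `TALLOC_FREE(in)`, which is safe only because the macro resets the pointer to NULL after freeing. A later cleanup that swaps either call back to `talloc_free(in)` would turn this into a double free, so a short comment is worth adding: `/* TALLOC_FREE() NULLs in, so the free at done: is a no-op on this path */`. The free also has to stay below the `in->recv_errno` read at `error:`; the code above `error:` is outside the hunk.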
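Review bot: The new `return true` after `tevent_req_nterror()` gives the error path the same result as a matched reply, and nothing in the hunk says what `true` means to the caller. Going by the commit message it presumably signals that a request callback has run and the socket state must not be touched again, while `false` at `done:` means no request was notified; that contract is inferred and should be confirmed against the caller. A comment on the return, such as `/* a request was notified: the caller must not touch c any more */`, would keep a later edit from inserting code between the notify and the return.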