Bug 12372 - ctdb: bad free in ctdbd_migrate()
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Clustering
Version: 4.5.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assigned To: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2016-10-10 16:55 UTC by David Disseldorp
Modified: 2016-11-01 07:48 UTC

Attachments
fix cherry-picked for v4-4-test (1.03 KB, patch)
2016-10-11 09:21 UTC, David Disseldorp
asn: review+
fix cherry picked for 4-5-test (1.03 KB, patch)
2016-10-11 09:22 UTC, David Disseldorp
asn: review+
Description David Disseldorp 2016-10-10 16:55:38 UTC
As reported and fixed by Ralph Wuerthner, the ctdbd_migrate() error path may talloc_free() an uninitialized hdr pointer.
Comment 1 David Disseldorp 2016-10-10 17:03:36 UTC
Patch pending upstream:
https://lists.samba.org/archive/samba-technical/2016-October/116620.html
Comment 2 David Disseldorp 2016-10-11 09:21:54 UTC
Created attachment 12561
fix cherry-picked for v4-4-test
Comment 3 David Disseldorp 2016-10-11 09:22:32 UTC
Created attachment 12562
fix cherry picked for 4-5-test
Comment 4 Andreas Schneider 2016-10-12 13:22:38 UTC
Karolin, please add the patches to the relevant branches. Thanks!
Comment 5 Karolin Seeger 2016-10-19 07:59:02 UTC
(In reply to Andreas Schneider from comment #4)
Pushed to autobuild-v4-{5,4}-test.
Comment 6 Karolin Seeger 2016-10-25 07:52:20 UTC
(In reply to Karolin Seeger from comment #5)
Hmm, this somehow did not end up in the release branches. :-(
As the releases will be tomorrow, it's too late to push it to autobuild again now.
Will be included in the next bugfix releases then.
Comment 7 Karolin Seeger 2016-10-31 10:12:02 UTC
(In reply to Karolin Seeger from comment #6)
Pushed to autobuild-v4-{5,4}-test.
Comment 8 Karolin Seeger 2016-11-01 07:48:27 UTC
(In reply to Karolin Seeger from comment #7)
Pushed to both branches.
Closing out bug report.

Thanks!