diff options
| author | Lukas Slebodnik <lslebodn@redhat.com> | 2015-05-28 16:28:08 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-31 19:35:57 +0200 |
| commit | df233bce93c6e6752cf22cd4244c85c94d68b17b (patch) | |
| tree | 7802456bec6a6623414c5bd2eea4641fd2f50258 | |
| parent | 1370bcccaed090f36d75e8a8cebb320ea1612b7e (diff) | |
| download | sssd-df233bce93c6e6752cf22cd4244c85c94d68b17b.tar.gz sssd-df233bce93c6e6752cf22cd4244c85c94d68b17b.tar.xz sssd-df233bce93c6e6752cf22cd4244c85c94d68b17b.zip | |
PROXY: Do not register signal with SA_SIGINFO
Argument "siginfo_t *siginfo" (void *__siginfo) was not used in
signal handlers pc_init_sig_handler, proxy_child_sig_handler.
siginfo is mostly used for additional information for about signal
and precesses (@see man 2 sigaction) and we store needed information
in custom context (private_data); It's tevent style.
Why backend crashed:
proxy_child_init_send creates request; forks a process and register
handler for signal SIGCHLD. Talloc parent of tevent_signal is previously
created request.
If proxy_child fails (return code is not 0) then SIGCHLD is received
handler pc_init_sig_handler is called. However pc_init_sig_handler can call
tevent_req_error for request which calls request callback and released
request.
tevent_signal_destructor was called as a part of releasing
tevent_signal. The destructor cleared siginfo in ring buffer for first time.
Then tevent tried to clear the same siginfo in ring buffer for the secont time
after returning from signal hander (pc_init_sig_handler). But it was already
cleared and it caused dereference of NULL pointer.
Resolves:
https://fedorahosted.org/sssd/ticket/2654
Reviewed-by: Michal Židek <mzidek@redhat.com>
| -rw-r--r-- | src/providers/proxy/proxy_auth.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index d85320cf6..edf058edc 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c @@ -285,7 +285,7 @@ static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx, talloc_set_destructor((TALLOC_CTX *)state, pc_init_destructor); state->sige = tevent_add_signal(auth_ctx->be->ev, req, - SIGCHLD, SA_SIGINFO, + SIGCHLD, 0, pc_init_sig_handler, req); if (state->sige == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); @@ -466,7 +466,7 @@ static void proxy_child_init_done(struct tevent_req *subreq) { sige = tevent_add_signal(child_ctx->auth_ctx->be->ev, child_ctx->auth_ctx, - SIGCHLD, SA_SIGINFO, + SIGCHLD, 0, proxy_child_sig_handler, sig_ctx); if (sige == NULL) { |