From f89cf190f58f3f5c73758abd0a24974a78cb160b Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date: Mon, 2 Dec 2013 14:51:59 +0000 Subject: monitor: use-after-free bugfix *monitor_kill_service* may create timed event which operates on *svc* and therefore *svc* should not be freed right after call of *monitor_kill_sercice*. *svc* is supposed to be freed by *mt_svc_restart*. --- src/monitor/monitor.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 92bac422a..5ea4fc930 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -716,7 +716,8 @@ static int service_signal(struct mt_svc *svc, const char *svc_signal) * order a service to reload that hasn't started * yet. */ - DEBUG(1,("Could not signal service [%s].\n", svc->name)); + DEBUG(SSSDBG_CRIT_FAILURE, + ("Could not signal service [%s].\n", svc->name)); return EIO; } @@ -724,10 +725,11 @@ static int service_signal(struct mt_svc *svc, const char *svc_signal) MONITOR_PATH, MONITOR_INTERFACE, svc_signal); - if (!msg) { - DEBUG(0,("Out of memory?!\n")); + if (msg == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, + ("Out of memory trying to allocate memory to invoke: %s\n", + svc_signal)); monitor_kill_service(svc); - talloc_free(svc); return ENOMEM; } -- cgit