From a04f65b1c703e7622ebc1a85170f9980c2b33227 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 4 Oct 2005 10:18:07 +0000 Subject: r10709: fixed a crash bug rather similar to the one volker found in the dcerpc code, where a stream_terminate_connection() while processing a request can cause a later defererence of the connection structure to die. (This used to be commit efbcb0f74176058a74d7134dae4658b891fc6f16) --- source4/ldap_server/ldap_server.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) (limited to 'source4/ldap_server/ldap_server.c') diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 71a7172e5c..83ce059756 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -40,11 +40,12 @@ static void ldapsrv_terminate_connection(struct ldapsrv_connection *conn, const char *reason) { - if (conn->tls) { - talloc_free(conn->tls); - conn->tls = NULL; - } - stream_terminate_connection(conn->connection, reason); + /* we don't actually do the stream termination here as the + recv/send functions dereference the connection after the + packet processing callbacks. Instead we mark it for + termination and do the real termination in the send/recv + functions */ + conn->terminate = reason; } /* @@ -299,6 +300,14 @@ static void ldapsrv_recv(struct stream_connection *c, uint16_t flags) conn->processing = False; EVENT_FD_READABLE(c->event.fde); + + if (conn->terminate) { + if (conn->tls) { + talloc_free(conn->tls); + conn->tls = NULL; + } + stream_terminate_connection(conn->connection, conn->terminate); + } } /* @@ -331,6 +340,14 @@ static void ldapsrv_send(struct stream_connection *c, uint16_t flags) if (conn->send_queue == NULL) { EVENT_FD_NOT_WRITEABLE(c->event.fde); } + + if (conn->terminate) { + if (conn->tls) { + talloc_free(conn->tls); + conn->tls = NULL; + } + stream_terminate_connection(conn->connection, conn->terminate); + } } /* -- cgit