[Pkg-sssd-devel] [Git][sssd-team/sssd][buster] Add schedule_fd_processing-crash-fix.diff to fix a crash in sssd-kcm. (Closes: #929473)

[Timo Aaltonen]

Timo Aaltonen pushed to branch buster at Debian SSSD packaging / sssd


Commits:
ba003526 by Sam Morris at 2020-02-29T15:31:53+00:00
Add schedule_fd_processing-crash-fix.diff to fix a crash in sssd-kcm. (Closes: #929473)

Related: https://pagure.io/SSSD/sssd/issue/4031

- - - - -


2 changed files:

- + debian/patches/schedule_fd_processing-crash-fix.diff
- debian/patches/series


Changes:

=====================================
debian/patches/schedule_fd_processing-crash-fix.diff
=====================================
@@ -0,0 +1,41 @@
+From 15bde7dab466fc4f2719ce709de9dac7e1e10de8 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono at redhat.com>
+Date: Thu, 3 Jan 2019 13:01:17 +0100
+Subject: [PATCH] util/tev_curl: Fix double free error in
+ schedule_fd_processing()
+
+Prevents deletion of already executed timer.
+
+libcurl calls schedule_fd_processing every time it wants to have (new)
+timer setup. And it happens quite a lot of times.
+
+Being called schedule_fd_processing wants to delete previous timer before
+creating new one. That's basically proper action. The problem is it sometimes
+tries to delete non-existent (already executed and deleted by libtevent)
+timer. This is "double free" case.
+
+Proposed patch sets timer pointer in tcurl_ctx to NULL at the end of timer
+handler (actually can be placed anywhere in the handler: handler called =>
+timer deleted by libtevent). That prevents schedule_fd_processing from
+freeing already freed memory. And I think it is good idea overall to not
+have pointers to freed memory (dangling pointers). This should be safe
+operation since all processes are single-thread proces
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3917
+
+Reviewed-by: Jakub Hrozek <jhrozek at redhat.com>
+---
+ src/util/tev_curl.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- sssd.orig/src/util/tev_curl.c
++++ sssd/src/util/tev_curl.c
+@@ -414,6 +414,7 @@ static void check_fd_activity(struct tev
+ {
+     struct tcurl_ctx *tctx = talloc_get_type(private_data, struct tcurl_ctx);
+     check_curl_timeouts(tctx);
++    tctx->process_timer = NULL;
+ }
+ 
+ static int schedule_fd_processing(CURLM *multi,


=====================================
debian/patches/series
=====================================
@@ -2,3 +2,4 @@ fix-curl-ftbfs.diff
 fix_copy_ccache_test.diff 
 fix_authdata_krb5_1.17.diff
 fix-946847.diff
+schedule_fd_processing-crash-fix.diff



View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/commit/ba00352680dea1a8421394f90c2bcf3a26a8b1ab

-- 
View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/commit/ba00352680dea1a8421394f90c2bcf3a26a8b1ab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20200301/61ae843f/attachment-0001.html>