#2532 Memory hierarchy issue in failover code
Closed: Invalid None Opened 5 years ago by jhrozek.

When writing unit tests for ticket #1884 I stumbled upon a memory hierarchy issue that's been in the failover code for some time.

Servers that share the same hostname also point to a single instance of a 'server_common' structure. This 'server_common' structure is allocated on top of the server context.

When the collapse_srv_lookup function is called, it frees all servers, which may trigger freeing the common structure. But a later callback fo_resolve_service_done iterates over a list of pending requests allocated on the common structure, which results in a use-after-free bug.

This bug is a blocker for #1884. Please file into the same milestone.
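The ownership pattern the report describes, as an added example that is not part of the ticket and is not SSSD code: a toy parent/child allocator (an assumption standing in for the real memory hierarchy) in which freeing the servers also frees the shared structure before the completion callback runs. The names `node_new`, `node_free`, `resolve_done` and `scenario`, and reparenting as the remedy, are hypothetical.

```c
#include <stdio.h>

/* Toy hierarchical allocator (assumed model, not talloc): freeing a node frees
 * its subtree. Nodes are only tombstoned in a static pool, so checking
 * liveness is well defined; real freed memory must never be read. */
struct node { struct node *parent; int alive; };
static struct node pool[16];
static int used;

static struct node *node_new(struct node *parent) {
    struct node *n = &pool[used++];
    n->parent = parent;
    n->alive = 1;
    return n;
}

static void node_free(struct node *n) {
    n->alive = 0;
    for (int i = 0; i < used; i++)   /* recursively free live children */
        if (pool[i].alive && pool[i].parent == n) node_free(&pool[i]);
}

/* Stand-in for the completion callback: counts pending requests owned by
 * common. Returns -1 when common is already freed (the use-after-free case). */
static int resolve_done(const struct node *common) {
    if (!common->alive) return -1;
    int count = 0;
    for (int i = 0; i < used; i++)
        if (pool[i].alive && pool[i].parent == common) count++;
    return count;
}

/* ctx owns two servers; common hangs off server_a and owns two requests. */
static int scenario(int reparent_first) {
    used = 0;
    struct node *ctx = node_new(NULL);
    struct node *server_a = node_new(ctx), *server_b = node_new(ctx);
    struct node *common = node_new(server_a);   /* shared by both servers */
    node_new(common); node_new(common);         /* two pending requests */
    if (reparent_first) common->parent = ctx;   /* move to longer-lived owner */
    node_free(server_a);
    node_free(server_b);
    return resolve_done(common);
}

int main(void) {
    printf("free first: %d, reparent first: %d\n", scenario(0), scenario(1));
    return 0;
}
```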

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.4

Fields changed

owner: somebody => jhrozek
status: new => assigned

I'm sorry, this was actually a bug in my tests.

resolution: => invalid
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.12.4

2 years ago
