#3724 Access after free during kcm shutdown with a non-empty queue
Closed: cloned-to-github 2 years ago by pbrezina. Opened 4 years ago by pbrezina.

Access after free during kcm shutdown with a non-empty queue. req is allocated on state at kcm_op_queue_send, then assigned to state->entry->req. If we free state, it first frees allocated req and then, state->entry which calls the destructor kcm_op_queue_entry_destructor which calls tevent_req_done(next_req->req) -> access after free.

Possible solution: make sure state->entry is freed first (add destructor to state)


Metadata Update from @pbrezina:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1572982

4 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2

4 years ago

I tried the suggested solution, but it didn't work for me. Given that time is short before the next release, I'll move the ticket for the time being to 1.16.3

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.3 (was: SSSD 1.16.2)

3 years ago

Metadata Update from @fidencio:
- Issue assigned to fidencio

3 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.4 (was: SSSD 1.16.3)

3 years ago

Metadata Update from @fidencio:
- Assignee reset

3 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.2 (was: SSSD 1.16.4)
- Issue tagged with: KCM

3 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

2 years ago

Metadata Update from @thalman:
- Issue tagged with: bugzilla

2 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4733

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata