#3724 Access after free during kcm shutdown with a non-empty queue

Created 5 months ago by pbrezina
Modified a month ago

Access after free during kcm shutdown with a non-empty queue. req is allocated on state at kcm_op_queue_send, then assigned to state->entry->req. If we free state, it first frees allocated req and then, state->entry which calls the destructor kcm_op_queue_entry_destructor which calls tevent_req_done(next_req->req) -> access after free.

Possible solution: make sure state->entry is freed first (add destructor to state)

5 months ago

Metadata Update from @pbrezina:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1572982

4 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2

I tried the suggested solution, but it didn't work for me. Given that time is short before the next release, I'll move the ticket for the time being to 1.16.3

3 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.3 (was: SSSD 1.16.2)

3 months ago

Metadata Update from @fidencio:
- Issue assigned to fidencio

a month ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.4 (was: SSSD 1.16.3)

a month ago

Metadata Update from @fidencio:
- Assignee reset

Login to comment on this ticket.

https://bugzilla.redhat.com/show_bug.cgi?id=1572982

cancel