#3724 Access after free during kcm shutdown with a non-empty queue
Opened 7 months ago by pbrezina. Modified 3 months ago

Access after free during kcm shutdown with a non-empty queue. req is allocated on state at kcm_op_queue_send, then assigned to state->entry->req. If we free state, it first frees allocated req and then, state->entry which calls the destructor kcm_op_queue_entry_destructor which calls tevent_req_done(next_req->req) -> access after free.

Possible solution: make sure state->entry is freed first (add destructor to state)


Metadata Update from @pbrezina:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1572982

7 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2

6 months ago

I tried the suggested solution, but it didn't work for me. Given that time is short before the next release, I'll move the ticket for the time being to 1.16.3

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.3 (was: SSSD 1.16.2)

5 months ago

Metadata Update from @fidencio:
- Issue assigned to fidencio

5 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.4 (was: SSSD 1.16.3)

3 months ago

Metadata Update from @fidencio:
- Assignee reset

3 months ago

Login to comment on this ticket.

Metadata