lslebodn / SSSD / sssd

Forked from SSSD/sssd 7 years ago
Clone

15bde7d util/tev_curl: Fix double free error in schedule_fd_processing()

1 file Authored by atikhonov 5 years ago, Committed by jhrozek 5 years ago,
    util/tev_curl: Fix double free error in schedule_fd_processing()
    
    Prevents deletion of already executed timer.
    
    libcurl calls schedule_fd_processing every time it wants to have (new)
    timer setup. And it happens quite a lot of times.
    
    Being called schedule_fd_processing wants to delete previous timer before
    creating new one. That's basically proper action. The problem is it sometimes
    tries to delete non-existent (already executed and deleted by libtevent)
    timer. This is "double free" case.
    
    Proposed patch sets timer pointer in tcurl_ctx to NULL at the end of timer
    handler (actually can be placed anywhere in the handler: handler called =>
    timer deleted by libtevent). That prevents schedule_fd_processing from
    freeing already freed memory. And I think it is good idea overall to not
    have pointers to freed memory (dangling pointers). This should be safe
    operation since all processes are single-thread proces
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3917
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    
        
file modified
+1 -0