On Tue, Aug 06, 2013 at 09:35:22PM +0200, Jakub Hrozek wrote:
On Tue, Aug 06, 2013 at 09:25:55PM +0200, Jakub Hrozek wrote:
> https://fedorahosted.org/sssd/ticket/1932
>
> There is a rather strange workaround in the nested groups processing
> code that calls tevent_req_post outside _send(). However, it broke in
> certain situations where the tevent_req_call resulted in req being freed,
> which freed state by extension and then the subsequent _post call was a
> use-after-free. This patch saves the two variables used outside state so
> that it's safe to use them even after the callback.
Sorry, I forgot to make it clear that this commit only applies on the 1.9
branch. The rewritten nested groups processing that is present on 1.10
and 1.11 doesn't suffer from this problem.
Oh and one more remark -- Pavel suggested that we might even want to
call tevent_req_post before tevent_req_done. Since tevent_req_post
pretty much just schedules an immediate event, I think that would work,
too, but I'm not 100% sure I'm not missing any detail, so I opted for
this safer but uglier way, especially considering that the fix is only
targeting a maintenance branch.
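
A simplified model of the use-after-free described in this thread, added here as an illustration and not taken from SSSD or tevent: a completion callback frees the request and, by extension, its state, so anything needed afterwards has to be copied out first. All struct and function names (`req`, `state`, `post`, `finish_unsafe`, `finish_safe`, `demo_safe`) are hypothetical stand-ins, and `post` does not mirror the real `tevent_req_post` signature.

```c
#include <stdlib.h>

struct event_ctx { int posted; };              /* stand-in for the event loop */
struct state { struct event_ctx *ev; int level; };
struct req {
    struct state *state;                       /* owned by req, freed with it */
    void (*done_cb)(struct req *);
};

static void req_free(struct req *r) { free(r->state); free(r); }
static void cb_frees_req(struct req *r) { req_free(r); }  /* caller is done with req */
static void post(struct event_ctx *ev, int level) { ev->posted += level; }

/* Pattern described in the message: state is read after a callback that
 * may already have freed req and, with it, state. Never called here. */
void finish_unsafe(struct req *r)
{
    struct state *st = r->state;
    r->done_cb(r);
    post(st->ev, st->level);                   /* use-after-free if cb freed req */
}

/* Fix pattern: copy the two values out of state before the callback. */
void finish_safe(struct req *r)
{
    struct event_ctx *ev = r->state->ev;
    int level = r->state->level;
    r->done_cb(r);                             /* r and r->state may be gone now */
    post(ev, level);                           /* touches only the saved copies */
}

/* Builds a constructed request and completes it through the safe path. */
int demo_safe(int level)
{
    struct event_ctx ev = { 0 };
    struct req *r = malloc(sizeof(*r));
    struct state *st = malloc(sizeof(*st));
    if (r == NULL || st == NULL) { free(r); free(st); return -1; }
    st->ev = &ev;
    st->level = level;
    r->state = st;
    r->done_cb = cb_frees_req;
    finish_safe(r);                            /* callback frees r and st */
    return ev.posted;
}

int main(void) { return demo_safe(3) == 3 ? 0 : 1; }
```

Building this with `-fsanitize=address` and routing `demo_safe` through `finish_unsafe` instead makes the sanitizer report the heap-use-after-free at the `post` call.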