On Tue, 2011-09-06 at 12:43 +0200, Jakub Hrozek wrote:
http://fedorahosted.org/sssd/ticket/989
John Hodrien found out that when paging is used while dereferencing an
entry, sssd_be may segfault on the second page.
This was because paging returned the control to sdap_generic_search
multiple times but sssd was freeing dereference control after the first
search invocation. The subsequent sdap searches accessed memory that was
already freed.
John confirmed off-list that this patch fixed his issue.
I was also considering copying the controls into the search request, but
it seemed like a pointless allocation.
I am not sure freeing explicitly in the _done() function is bullet
proof. There are cases where we might kill the operation without going
through the _done() function.
You should rather allocate the ctrls array using talloc_zero(), and then
attach a destructor to free ctrls[0] if it is not NULL.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
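
Added example, not part of the original thread and not SSSD code: a self-contained C sketch of the ownership pattern suggested above, where the control's lifetime is tied to the request through a destructor rather than to an explicit free in a "done" step. It uses calloc/free and a hand-rolled destructor hook as stand-ins for talloc_zero(), talloc_set_destructor() and talloc_free(); every name in it (fake_control, search_req, req_new, search_page, req_free) is hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed stand-ins: fake_control for LDAPControl, search_req for talloc state. */
struct fake_control { char oid[32]; };
struct search_req {
    struct fake_control *ctrls[2];            /* zeroed, NULL-terminated */
    int (*destructor)(struct search_req *);
    int pages_sent;
};
static int live_controls;                     /* controls currently allocated */

/* Releases ctrls[0] if it is set, however the request ends. */
static int ctrls_destructor(struct search_req *req)
{
    if (req->ctrls[0] != NULL) {
        free(req->ctrls[0]);
        req->ctrls[0] = NULL;
        live_controls--;
    }
    return 0;
}

static struct search_req *req_new(void)
{
    struct search_req *req = calloc(1, sizeof(*req)); /* like talloc_zero() */
    if (req == NULL) return NULL;
    req->destructor = ctrls_destructor;
    req->ctrls[0] = calloc(1, sizeof(struct fake_control));
    if (req->ctrls[0] == NULL) { free(req); return NULL; }
    strcpy(req->ctrls[0]->oid, "deref");
    live_controls++;
    return req;
}

/* One page of the search; every page reads the same control again. */
static int search_page(struct search_req *req)
{
    return (req->ctrls[0] && req->ctrls[0]->oid[0]) ? ++req->pages_sent : -1;
}

static void req_free(struct search_req *req)   /* stands in for talloc_free() */
{
    if (req != NULL) req->destructor(req);
    free(req);
}
```

The control stays valid across every page because nothing frees it between pages, and a request torn down early still releases it exactly once.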