On Tue, Sep 06, 2011 at 08:15:16AM -0400, Simo Sorce wrote:
On Tue, 2011-09-06 at 12:43 +0200, Jakub Hrozek wrote:
> http://fedorahosted.org/sssd/ticket/989
>
> John Hodrien found out that when paging is used while dereferencing an
> entry, sssd_be may segfault on the second page.
>
> This was because paging returned the control to sdap_generic_search
> multiple times but sssd was freeing dereference control after the
> first search invocation. The subsequent sdap searches accessed memory
> that was already freed.
>
> John confirmed off-list that this patch fixed his issue.
>
> I was also considering copying the controls into the search request,
> but it seemed like a pointless allocation.

I am not sure freeing explicitly in the _done() function is bullet
proof. There are cases where we might kill the operation without going
through the _done() function.

You should rather allocate the ctrls array using talloc_zero(), and then
attach a destructor to free ctrls[0] if it is not NULL.

Good idea, a new patch is attached.
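
The ownership pattern suggested in this thread, as an added example that is not part of the original messages or of SSSD's code. It assumes a hand-rolled owner/destructor pair standing in for talloc_zero() and talloc_set_destructor(), and a hypothetical `struct control` standing in for the LDAP control; all names are illustrative.

```c
/* Added example, not SSSD code: a hand-rolled owner/destructor pair stands in
 * for talloc_zero() + talloc_set_destructor(); struct control for the control. */
#include <stdio.h>
#include <stdlib.h>

struct control { int critical; };
static int live_controls;                  /* allocated and not yet freed */

static struct control *control_new(void) {
    struct control *c = calloc(1, sizeof(*c));
    if (c != NULL) live_controls++;
    return c;
}

struct search_req {                        /* lives as long as the paged search */
    struct control *ctrls[2];              /* zero-initialised, NULL-terminated */
    int (*destructor)(struct search_req *);
};

static int ctrls_destructor(struct search_req *req) {
    if (req->ctrls[0] != NULL) {           /* allocation may have failed earlier */
        free(req->ctrls[0]);
        req->ctrls[0] = NULL;
        live_controls--;
    }
    return 0;
}

static struct search_req *search_req_new(void) {
    struct search_req *req = calloc(1, sizeof(*req));
    if (req == NULL) return NULL;
    req->destructor = ctrls_destructor;    /* registered before anything can fail */
    req->ctrls[0] = control_new();
    return req;
}

static void search_req_free(struct search_req *req) {  /* every teardown path */
    if (req != NULL) { req->destructor(req); free(req); }
}

/* Serve up to `pages` pages, each reading the control again. cancel_after >= 0
 * kills the request early, so a completion callback would never have run.
 * Returns the pages served, or -1 if the request could not be set up. */
int run_search(int pages, int cancel_after) {
    struct search_req *req = search_req_new();
    int served = 0;
    if (req == NULL) return -1;
    while (served < pages && served != cancel_after && req->ctrls[0] != NULL)
        served++;                          /* a page handler would use ctrls here */
    search_req_free(req);                  /* reached on completion and on cancel */
    return served;
}

int main(void) {
    int served = run_search(3, 1);
    printf("pages=%d live=%d\n", served, live_controls);
    return 0;
}
```

Because the control is released only by the destructor tied to the request, it stays valid for every page and is freed exactly once whether the search completes or is cancelled.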