URL: https://github.com/SSSD/sssd/pull/968 Author: alexey-tikhonov Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb() Action: opened
PR body: """ Calling data->callback(value->ptr) in sss_ptr_hash_delete_cb() could lead to freeing of value->ptr and thus to destruction of value->spy that is attached to value->ptr. In turn sss_ptr_hash_spy_destructor() calls sss_ptr_hash_delete() -> hash_delete() -> sss_ptr_hash_delete_cb() again and in this recursive execution hash entry was actually deleted and value was freed. When stack was unwound back to "first" sss_ptr_hash_delete_cb() it tried to free value again => double free.
To prevent this bug value and hence spy are now freed before execution of data->callback(value->ptr).
Resolves: https://pagure.io/SSSD/sssd/issue/4135 """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/968/head:pr968 git checkout pr968
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
alexey-tikhonov commented: """ Note: backport to 1-16 is not required. """
See the full comment at https://github.com/SSSD/sssd/pull/968#issuecomment-573325730
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
Label: +Waiting for review
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
pbrezina commented: """ Ack.
This was introduced by f95db37aa8486304d0569d12a876b1c74ee1b0d1 which is not in `sssd-1-16` however it is a valid bug that needs to be addresses in 1.16 as well for autofs use case. Alexey, could you open a new PR against `sssd-1-16` that would cherry-pick f95db37aa8486304d0569d12a876b1c74ee1b0d1 and your patch?
"""
See the full comment at https://github.com/SSSD/sssd/pull/968#issuecomment-573658711
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
Label: -Waiting for review
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
Label: +Ready to push
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
pbrezina commented: """ * `master` * 26e33b1984cce3549df170f58f8221201ad54cfd - util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
"""
See the full comment at https://github.com/SSSD/sssd/pull/968#issuecomment-574098681
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
Label: -Ready to push
URL: https://github.com/SSSD/sssd/pull/968 Author: alexey-tikhonov Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb() Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/968/head:pr968 git checkout pr968
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
alexey-tikhonov commented: """
This was introduced by [f95db37](https://github.com/SSSD/sssd/commit/f95db37aa8486304d0569d12a876b1c74ee1b0d1) which is not in `sssd-1-16` however it is a valid bug that needs to be addresses in 1.16 as well for autofs use case. Alexey, could you open a new PR against `sssd-1-16` that would cherry-pick [f95db37](https://github.com/SSSD/sssd/commit/f95db37aa8486304d0569d12a876b1c74ee1b0d1) and your patch?
PR970. I squashed two commits.
"""
See the full comment at https://github.com/SSSD/sssd/pull/968#issuecomment-574245133
URL: https://github.com/SSSD/sssd/pull/968 Title: #968: util/sss_ptr_hash: fixed double free in sss_ptr_hash_delete_cb()
alexey-tikhonov commented: """
This was introduced by [f95db37](https://github.com/SSSD/sssd/commit/f95db37aa8486304d0569d12a876b1c74ee1b0d1) which is not in `sssd-1-16` however it is a valid bug that needs to be addresses in 1.16 as well for autofs use case. Alexey, could you open a new PR against `sssd-1-16` that would cherry-pick [f95db37](https://github.com/SSSD/sssd/commit/f95db37aa8486304d0569d12a876b1c74ee1b0d1) and your patch?
[PR970](https://github.com/SSSD/sssd/pull/970). I squashed two commits.
"""
See the full comment at https://github.com/SSSD/sssd/pull/968#issuecomment-574245133
sssd-devel@lists.fedorahosted.org