The branch, master has been updated
       via  9ce583b swrap: fix use-after-free in swrap_remove_stale()
       via  ddba8cf swrap: slightly cleanup logic in swrap_close
       via  3b39c88 swrap: fix use-after-free in swrap_close
      from  d4cdce1 swrap: Fix build on Solaris

https://git.samba.org/?p=socket_wrapper.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9ce583b6cd6f55d473e5b54794fb06450997ebc8
Author: Michael Adam <[email protected]>
Date:   Tue Oct 25 13:46:18 2016 +0200

    swrap: fix use-after-free in swrap_remove_stale()
    
    Signed-off-by: Michael Adam <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit ddba8cf2058d662d628fc62f5896b873754ba7c3
Author: Michael Adam <[email protected]>
Date:   Tue Oct 25 13:42:05 2016 +0200

    swrap: slightly cleanup logic in swrap_close
    
    This moves the libc_close() to one central point, thereby
    grouping the fd-related operations together and the
    socket-info related operations after that.
    
    Signed-off-by: Michael Adam <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

commit 3b39c88b138f88bffc7d71572a9c6a83e54a03c9
Author: Michael Adam <[email protected]>
Date:   Tue Oct 25 13:41:29 2016 +0200

    swrap: fix use-after-free in swrap_close
    
    Signed-off-by: Michael Adam <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 src/socket_wrapper.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/src/socket_wrapper.c b/src/socket_wrapper.c
index 82d27e5..40e2f04 100644
--- a/src/socket_wrapper.c
+++ b/src/socket_wrapper.c
@@ -1721,17 +1721,19 @@ static void swrap_remove_stale(int fd)
 {
        struct socket_info_fd *fi = find_socket_info_fd(fd);
        struct socket_info *si;
+       int si_index;
 
        if (fi == NULL) {
                return;
        }
 
-       si = &sockets[fi->si_index];
+       si_index = fi->si_index;
 
        SWRAP_LOG(SWRAP_LOG_TRACE, "remove stale wrapper for %d", fd);
        SWRAP_DLIST_REMOVE(socket_fds, fi);
        free(fi);
 
+       si = &sockets[fi->si_index];
        si->refcount--;
 
        if (si->refcount > 0) {
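Review bot: The added line `si = &sockets[fi->si_index];` still dereferences `fi` after the `free(fi)` two lines above it, so the use-after-free this commit sets out to fix remains in swrap_remove_stale(). The new local `si_index` is captured before the free for this purpose, but here it is only used for the `first_free` assignment in the next hunk. The line should read `si = &sockets[si_index];`, as the swrap_close() hunk already does. If the freed chunk has been reused, the stale value indexes `sockets[]` with arbitrary data, and the refcount decrement then lands on the wrong entry or out of bounds. The function body continues past this hunk.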
@@ -1743,7 +1745,7 @@ static void swrap_remove_stale(int fd)
        }
 
        si->next_free = first_free;
-       first_free = fi->si_index;
+       first_free = si_index;
 }
 
 static int sockaddr_convert_to_un(struct socket_info *si,
@@ -5351,30 +5353,32 @@ static int swrap_close(int fd)
 {
        struct socket_info_fd *fi = find_socket_info_fd(fd);
        struct socket_info *si = NULL;
+       int si_index;
        int ret;
 
        if (fi == NULL) {
                return libc_close(fd);
        }
 
-       si = &sockets[fi->si_index];
+       si_index = fi->si_index;
 
        SWRAP_DLIST_REMOVE(socket_fds, fi);
        free(fi);
 
+       ret = libc_close(fd);
+
+       si = &sockets[si_index];
        si->refcount--;
 
        if (si->refcount > 0) {
                /* there are still references left */
-               return libc_close(fd);
+               return ret;
        }
 
        if (si->myname.sa_socklen > 0 && si->peername.sa_socklen > 0) {
                swrap_pcap_dump_packet(si, NULL, SWRAP_CLOSE_SEND, NULL, 0);
        }
 
-       ret = libc_close(fd);
-
        if (si->myname.sa_socklen > 0 && si->peername.sa_socklen > 0) {
                swrap_pcap_dump_packet(si, NULL, SWRAP_CLOSE_RECV, NULL, 0);
                swrap_pcap_dump_packet(si, NULL, SWRAP_CLOSE_ACK, NULL, 0);
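Review bot: On the last-reference path, `ret` from `libc_close(fd)` is returned only after up to three `swrap_pcap_dump_packet()` calls and whatever sits between this hunk and the next (not visible here). If any of that makes a failing libc call, a caller that sees `-1` may read an `errno` that no longer belongs to the close. Saving it right after the close with `int saved_errno = errno;` and restoring it with `errno = saved_errno;` before the final `return ret;` would keep the error intact. The early `return ret;` in the refcount branch is not affected, because only the decrement runs between the close and that return. A one-line comment above `si_index = fi->si_index;`, such as `/* copy the index: fi is freed below */`, would also help keep a later edit from reintroducing the read of freed memory.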
@@ -5385,7 +5389,7 @@ static int swrap_close(int fd)
        }
 
        si->next_free = first_free;
-       first_free = fi->si_index;
+       first_free = si_index;
 
        return ret;
 }


-- 
Socket Wrapper Repository
