s3:messages: check tevent_fd_get_flags() == 0 before using stale event context pointer

If the event context got deleted, tevent_fd_get_flags() will return 0
for the stale fde.  In that case we should not use fde_ev->ev anymore.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

diff --git a/source3/lib/messages_ctdb.c b/source3/lib/messages_ctdb.c
index 66b9f55d256d580cb6e4328ca2b3ded788dfede2..d3e2e3f858937fbf7368a6267acd016ea7f4afc7 100644 (file)
--- a/source3/lib/messages_ctdb.c
+++ b/source3/lib/messages_ctdb.c
@@ -215,8 +215,18 @@ struct messaging_ctdb_fde *messaging_ctdb_register_tevent_context(
        }
 
        for (fde_ev = ctx->fde_evs; fde_ev != NULL; fde_ev = fde_ev->next) {
-               if ((fde_ev->ev == ev) &&
-                   (tevent_fd_get_flags(fde_ev->fde) != 0)) {
+               if (tevent_fd_get_flags(fde_ev->fde) == 0) {
+                       /*
+                        * If the event context got deleted,
+                        * tevent_fd_get_flags() will return 0
+                        * for the stale fde.
+                        *
+                        * In that case we should not
+                        * use fde_ev->ev anymore.
+                        */
+                       continue;
+               }
+               if (fde_ev->ev == ev) {
                        break;
                }
        }

diff --git a/source3/lib/messages_dgm.c b/source3/lib/messages_dgm.c
index b9cddc274c223b94a0792ce968e3460218c6343b..b8878b68b9967378f72741631dd7cd7d841c8e79 100644 (file)
--- a/source3/lib/messages_dgm.c
+++ b/source3/lib/messages_dgm.c
@@ -1679,8 +1679,18 @@ struct messaging_dgm_fde *messaging_dgm_register_tevent_context(
        }
 
        for (fde_ev = ctx->fde_evs; fde_ev != NULL; fde_ev = fde_ev->next) {
-               if ((fde_ev->ev == ev) &&
-                   (tevent_fd_get_flags(fde_ev->fde) != 0)) {
+               if (tevent_fd_get_flags(fde_ev->fde) == 0) {
+                       /*
+                        * If the event context got deleted,
+                        * tevent_fd_get_flags() will return 0
+                        * for the stale fde.
+                        *
+                        * In that case we should not
+                        * use fde_ev->ev anymore.
+                        */
+                       continue;
+               }
+               if (fde_ev->ev == ev) {
                        break;
                }
        }