notifyd: prevent NULL deref segfault in notifyd_peer_destructor
author Michael Adam <obnox@samba.org>
Fri, 20 May 2016 10:57:48 +0000 (12:57 +0200)
committer Volker Lendecke <vl@samba.org>
Fri, 20 May 2016 15:32:54 +0000 (17:32 +0200)
It seems it could happen that p->db == NULL in the list
from notifyd_clean_peers_next(). This has been seen in
a ctdb cluster when a node-internal ctdb interface is
brought down.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11930

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 20 17:32:55 CEST 2016 on sn-devel-144

source3/smbd/notifyd/notifyd.c

index 49fb9c9..45b029b 100644 (file)
@@ -1246,7 +1246,10 @@ static int notifyd_peer_destructor(struct notifyd_peer *p)
        struct notifyd_state *state = p->state;
        size_t i;
 
-       dbwrap_traverse_read(p->db, notifyd_db_del_syswatches, NULL, NULL);
+       if (p->db != NULL) {
+               dbwrap_traverse_read(p->db, notifyd_db_del_syswatches,
+                                    NULL, NULL);
+       }
 
        for (i = 0; i<state->num_peers; i++) {
                if (p == state->peers[i]) {
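
Review bot: the new `if (p->db != NULL)` guard in notifyd_peer_destructor carries no comment saying when a peer can reach the destructor without a db, and the commit message itself only says this "seems" possible. Suggest a one-line comment above the check naming the observed condition (a peer from notifyd_clean_peers_next() after a node-internal ctdb interface went down), so the check is not later mistaken for dead code and removed. Since this hunk only protects the destructor, it is also worth confirming that any other use of p->db on peers taken from that list tolerates NULL, and that skipping the notifyd_db_del_syswatches traversal leaves nothing behind for such a peer.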