From 41ceb4af9d0ab4a861a7df6eae837c2ce033b72d Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati
Date: Tue, 13 Jun 2006 18:00:33 +0000
Subject: [PATCH] don't risk using dangling pointers when looping thru connections (ITS#4405)
---
 libraries/libldap/result.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c
index 4a95d537c2..810348d2b9 100644
--- a/libraries/libldap/result.c
+++ b/libraries/libldap/result.c
@@ -239,7 +239,7 @@ wait4msg(
 *tvp;
 time_t start_time = 0;
 time_t tmp_time;
- LDAPConn *lc, *nextlc;
+ LDAPConn *lc;
 assert( ld != NULL );
 assert( result != NULL );
@@ -297,8 +297,7 @@ wait4msg(
 #ifdef LDAP_R_COMPILE
 ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
 #endif
- for ( lc = ld->ld_conns; lc != NULL; lc = nextlc ) {
- nextlc = lc->lconn_next;
+ for ( lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next ) {
 if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) {
@@ -354,10 +353,10 @@ wait4msg(
 ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
 ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
 #endif
- for ( lc = ld->ld_conns; rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL;
- lc = nextlc )
+ for ( lc = ld->ld_conns;
+ rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL;
+ lc = lc->lconn_next )
 {
- nextlc = lc->lconn_next;
 if ( lc->lconn_status == LDAP_CONNST_CONNECTED && ldap_is_read_ready( ld, lc->lconn_sb ) ) {
@@ -365,10 +364,17 @@ wait4msg(
 ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
 #endif
 rc = try_read1msg( ld, msgid, all, &lc, result );
- if ( lc == NULL ) lc = nextlc;
 #ifdef LDAP_R_COMPILE
 ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
 #endif
+ if ( lc == NULL ) {
+ /* if lc gets free()'d,
+ * there's no guarantee
+ * lc->lconn_next is still
+ * sane; better restart
+ * (ITS#4405) */
+ lc = ld->ld_conns;
+ }
 }
 }
 #ifdef LDAP_R_COMPILE
--
2.39.5
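Review bot: In the last hunk the restart `lc = ld->ld_conns;` sits inside a `for` whose increment, rewritten in the previous hunk to `lc = lc->lconn_next`, still runs right after it, so the head of the list is skipped on every restart. If try_read1msg() released the only remaining connection, that increment would also dereference NULL; whether the list can be empty at that point depends on code outside the hunk, but the skip follows from the visible lines. Consider leaving the third clause of the `for` empty, adding `continue;` after `lc = ld->ld_conns;`, and advancing with `lc = lc->lconn_next;` as the last statement of the loop body. The first loop (hunk at -297) drops `nextlc` as well and its body continues outside the hunk, so it is worth confirming that nothing there can free `lc` before the increment reads `lc->lconn_next`.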