From: Michal Rakowski <michal.rakowski@baculasystems.com>
Date: Tue, 10 Aug 2021 10:51:06 +0000 (+0200)
Subject: Fix #7998 About dir crashing for client intiated backup
X-Git-Tag: Release-11.0.6~77
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac22bc3bbc084c59b8a0d01c29a5ffa8f9c81f45;p=thirdparty%2Fbacula.git

Fix #7998 About dir crashing for client intiated backup

Description:
For client initiated backup, ua->UA_sock == jcr->file_bsock, see
(ua_run.c:275):
if (rc.fdcalled) {
      jcr->file_bsock = ua->UA_sock;
      jcr->file_bsock->set_jcr(jcr);
}

So when jcr is freed, the ua->UA_sock which is used by ua->error_msg
and others, is no longer valid.
---

diff --git a/bacula/src/dird/ua_run.c b/bacula/src/dird/ua_run.c
index 01f7afbc7..a0086bcbf 100644
--- a/bacula/src/dird/ua_run.c
+++ b/bacula/src/dird/ua_run.c
@@ -303,18 +303,26 @@ static JobId_t start_job(UAContext *ua, JCR *jcr, run_ctx &rc)
    }
    Dmsg4(100, "JobId=%u NewJobId=%d pool=%s priority=%d\n", (int)jcr->JobId,
          JobId, jcr->pool->name(), jcr->JobPriority);
-   free_jcr(jcr);                  /* release jcr */
    if (JobId == 0) {
       ua->error_msg(_("Job %s failed.\n"), edit_int64(rc.jr.JobId, ed1));
 
    } else {
       ua->send_msg(_("Job queued. JobId=%s\n"), edit_int64(JobId, ed1));
    }
+
    if (rc.fdcalled) {
-      ua->signal(BNET_FDCALLED); /* After this point, this is a new connection */
-      ua->UA_sock = new_bsock();
+      if (JobId != 0) {
+         ua->signal(BNET_FDCALLED); /* After this point, this is a new connection */
+         ua->UA_sock = new_bsock();
+      } else {
+         /* Job failed to start, socket can be reset here so that we won't free ua->UA_socket*/
+         jcr->file_bsock = NULL;
+      }
       ua->quit = true;
    }
+
+   free_jcr(jcr);                  /* release jcr */
+
    return JobId;
 }