From: Michal Rakowski <michal.rakowski@baculasystems.com>
Date: Fri, 6 Aug 2021 21:40:59 +0000 (+0200)
Subject: Fix #7998 About dir crashing for client intiated backup
X-Git-Tag: Release-11.3.2~396
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f8da3a8a0f9c0af4178738c42b998a10ba5c28db;p=thirdparty%2Fbacula.git

Fix #7998 About dir crashing for client intiated backup

Description:
For client initiated backup, ua->UA_sock == jcr->file_bsock, see
(ua_run.c:275):
if (rc.fdcalled) {
      jcr->file_bsock = ua->UA_sock;
      jcr->file_bsock->set_jcr(jcr);
}

So when jcr is freed, the ua->UA_sock which is used by ua->error_msg
and others, is no longer valid.
---

diff --git a/bacula/src/dird/ua_run.c b/bacula/src/dird/ua_run.c
index 929e8a489..fa83f8e16 100644
--- a/bacula/src/dird/ua_run.c
+++ b/bacula/src/dird/ua_run.c
@@ -303,13 +303,15 @@ static JobId_t start_job(UAContext *ua, JCR *jcr, run_ctx &rc)
    }
    Dmsg4(100, "JobId=%u NewJobId=%d pool=%s priority=%d\n", (int)jcr->JobId,
          JobId, jcr->pool->name(), jcr->JobPriority);
-   free_jcr(jcr);                  /* release jcr */
    if (JobId == 0) {
       ua->error_msg(_("Job %s failed.\n"), edit_int64(rc.jr.JobId, ed1));
 
    } else {
       ua->send_msg(_("Job queued. JobId=%s\n"), edit_int64(JobId, ed1));
    }
+
+   free_jcr(jcr);                  /* release jcr */
+
    if (rc.fdcalled) {
       ua->signal(BNET_FDCALLED); /* After this point, this is a new connection */
       ua->UA_sock = new_bsock();