From ac22bc3bbc084c59b8a0d01c29a5ffa8f9c81f45 Mon Sep 17 00:00:00 2001
From: Michal Rakowski <michal.rakowski@baculasystems.com>
Date: Tue, 10 Aug 2021 12:51:06 +0200
Subject: [PATCH] Fix #7998 About dir crashing for client intiated backup

Description:
For client initiated backup, ua->UA_sock == jcr->file_bsock, see
(ua_run.c:275):
if (rc.fdcalled) {
      jcr->file_bsock = ua->UA_sock;
      jcr->file_bsock->set_jcr(jcr);
}

So when jcr is freed, the ua->UA_sock which is used by ua->error_msg
and others, is no longer valid.
---
 bacula/src/dird/ua_run.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/bacula/src/dird/ua_run.c b/bacula/src/dird/ua_run.c
index 01f7afbc7..a0086bcbf 100644
--- a/bacula/src/dird/ua_run.c
+++ b/bacula/src/dird/ua_run.c
@@ -303,18 +303,26 @@ static JobId_t start_job(UAContext *ua, JCR *jcr, run_ctx &rc)
    }
    Dmsg4(100, "JobId=%u NewJobId=%d pool=%s priority=%d\n", (int)jcr->JobId,
          JobId, jcr->pool->name(), jcr->JobPriority);
-   free_jcr(jcr);                  /* release jcr */
    if (JobId == 0) {
       ua->error_msg(_("Job %s failed.\n"), edit_int64(rc.jr.JobId, ed1));
 
    } else {
       ua->send_msg(_("Job queued. JobId=%s\n"), edit_int64(JobId, ed1));
    }
+
    if (rc.fdcalled) {
-      ua->signal(BNET_FDCALLED); /* After this point, this is a new connection */
-      ua->UA_sock = new_bsock();
+      if (JobId != 0) {
+         ua->signal(BNET_FDCALLED); /* After this point, this is a new connection */
+         ua->UA_sock = new_bsock();
+      } else {
+         /* Job failed to start, socket can be reset here so that we won't free ua->UA_socket*/
+         jcr->file_bsock = NULL;
+      }
       ua->quit = true;
    }
+
+   free_jcr(jcr);                  /* release jcr */
+
    return JobId;
 }
 
-- 
2.47.3