Add code to clear the pointer to an object in an OMAPI handle when the

object is freed due to a dereference.  [ISC-Bugs #21306]

diff --git a/RELNOTES b/RELNOTES
index a21b11bc2e6d3dab6c28ee8ac0c14340850af0a5..e0afdbf2f0f6579f814acfcaba8dc602d1f82393 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -57,6 +57,9 @@ work on other platforms. Please report any problems and suggested fixes to
   from David Cantrell at Red Hat.
   [ISC-Bugs #20264] and parts of [ISC-Bugs #17744] dhclient.8 changes
 
+- Add code to clear the pointer to an object in an OMAPI handle when the
+  object is freed due to a dereference.  [ISC-Bugs #21306]
+
                        Changes since 4.2.0rc1
 
 - Documentation cleanup covering multiple tickets

diff --git a/includes/omapip/omapip_p.h b/includes/omapip/omapip_p.h
index f6db2829f058ef509aa2770af5f889bc23bd14b5..1fab5a9666183a2eaafe9f051de4c731a54f6450 100644 (file)
--- a/includes/omapip/omapip_p.h
+++ b/includes/omapip/omapip_p.h
@@ -3,8 +3,8 @@
    Private master include file for the OMAPI library. */
 
 /*
- * Copyright (c) 2004,2007,2009-2010
- *                             by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2009-2010 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004,2007 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1996-2003 by Internet Software Consortium
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -282,6 +282,8 @@ void omapi_connection_register (omapi_connection_object_t *,
 OMAPI_ARRAY_TYPE_DECL(omapi_listener, omapi_listener_object_t);
 OMAPI_ARRAY_TYPE_DECL(omapi_connection, omapi_connection_object_t);
 
+isc_result_t omapi_handle_clear(omapi_handle_t);
+
 extern int log_priority;
 extern int log_perror;
 extern void (*log_cleanup) (void);

diff --git a/omapip/alloc.c b/omapip/alloc.c
index 1aad00c1fbed9591a90ab3edbece4fd475a04505..69172a5bcc18c904bd13488cfb4abc17ac49495e 100644 (file)
--- a/omapip/alloc.c
+++ b/omapip/alloc.c
@@ -684,6 +684,13 @@ isc_result_t omapi_object_dereference (omapi_object_t **h,
 /*                     if (!hp -> type -> freer) */
                                rc_register (file, line, h, hp,
                                             0, 1, hp -> type -> rc_flag);
+                       if (handle_reference) {
+                               if (omapi_handle_clear(hp->handle) != 
+                                   ISC_R_SUCCESS) {
+                                       log_debug("Attempt to clear null "
+                                                 "handle pointer");
+                               }
+                       }
                        if (hp -> type -> destroy)
                                (*(hp -> type -> destroy)) (hp, file, line);
                        if (hp -> type -> freer)

diff --git a/omapip/handle.c b/omapip/handle.c
index 65c361d16cfa53aebfb946ba30a0d36d784b1f65..b69ef126e8fe83538b059e503216db9178343518 100644 (file)
--- a/omapip/handle.c
+++ b/omapip/handle.c
@@ -3,7 +3,8 @@
    Functions for maintaining handles on objects. */
 
 /*
- * Copyright (c) 2004-2007,2009 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2009-2010 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1999-2003 by Internet Software Consortium
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -63,9 +64,13 @@
 omapi_handle_table_t *omapi_handle_table;
 omapi_handle_t omapi_next_handle = 1;  /* Next handle to be assigned. */
 
+#define FIND_HAND  0
+#define CLEAR_HAND 1
+
 static isc_result_t omapi_handle_lookup_in (omapi_object_t **,
                                            omapi_handle_t,
-                                           omapi_handle_table_t *);
+                                           omapi_handle_table_t *,
+                                           int);
 static isc_result_t omapi_object_handle_in_table (omapi_handle_t,
                                                  omapi_handle_table_t *,
                                                  omapi_object_t *);
@@ -239,42 +244,47 @@ static isc_result_t omapi_handle_table_enclose (omapi_handle_table_t **table)
 
 isc_result_t omapi_handle_lookup (omapi_object_t **o, omapi_handle_t h)
 {
-       return omapi_handle_lookup_in (o, h, omapi_handle_table);
+       return(omapi_handle_lookup_in(o, h, omapi_handle_table, FIND_HAND));
 }
 
 static isc_result_t omapi_handle_lookup_in (omapi_object_t **o,
                                            omapi_handle_t h,
-                                           omapi_handle_table_t *table)
-
+                                           omapi_handle_table_t *table,
+                                           int op)
 {
        omapi_handle_table_t *inner;
        omapi_handle_t scale, index;
 
-       if (!table || table -> first > h || table -> limit <= h)
-               return ISC_R_NOTFOUND;
+       if (!table || table->first > h || table->limit <= h)
+               return(ISC_R_NOTFOUND);
        
        /* If this is a leaf table, just grab the object. */
-       if (table -> leafp) {
+       if (table->leafp) {
                /* Not there? */
-               if (!table -> children [h - table -> first].object)
-                       return ISC_R_NOTFOUND;
-               return omapi_object_reference
-                       (o, table -> children [h - table -> first].object,
-                        MDL);
+               if (!table->children[h - table->first].object)
+                       return(ISC_R_NOTFOUND);
+               if (op == CLEAR_HAND) {
+                       table->children[h - table->first].object = NULL;
+                       return(ISC_R_SUCCESS);
+               } else {
+                       return(omapi_object_reference
+                              (o, table->children[h - table->first].object,
+                               MDL));
+               }
        }
 
        /* Scale is the number of handles represented by each child of this
           table.   For a leaf table, scale would be 1.   For a first level
           of indirection, 120.   For a second, 120 * 120.   Et cetera. */
-       scale = (table -> limit - table -> first) / OMAPI_HANDLE_TABLE_SIZE;
+       scale = (table->limit - table->first) / OMAPI_HANDLE_TABLE_SIZE;
 
        /* So the next most direct table from this one that contains the
           handle must be the subtable of this table whose index into this
           table's array of children is the handle divided by the scale. */
-       index = (h - table -> first) / scale;
-       inner = table -> children [index].table;
+       index = (h - table->first) / scale;
+       inner = table->children[index].table;
 
-       return omapi_handle_lookup_in (o, h, table -> children [index].table);
+       return(omapi_handle_lookup_in(o, h, table->children[index].table, op));
 }
 
 /* For looking up objects based on handles that have been sent on the wire. */
@@ -283,13 +293,18 @@ isc_result_t omapi_handle_td_lookup (omapi_object_t **obj,
 {
        omapi_handle_t h;
 
-       if (handle -> type == omapi_datatype_int)
-               h = handle -> u.integer;
-       else if (handle -> type == omapi_datatype_data &&
-                handle -> u.buffer.len == sizeof h) {
-               memcpy (&h, handle -> u.buffer.value, sizeof h);
-               h = ntohl (h);
+       if (handle->type == omapi_datatype_int)
+               h = handle->u.integer;
+       else if (handle->type == omapi_datatype_data &&
+                handle->u.buffer.len == sizeof h) {
+               memcpy(&h, handle->u.buffer.value, sizeof h);
+               h = ntohl(h);
        } else
-               return DHCP_R_INVALIDARG;
-       return omapi_handle_lookup (obj, h);
+               return(DHCP_R_INVALIDARG);
+       return(omapi_handle_lookup(obj, h));
+}
+
+isc_result_t omapi_handle_clear(omapi_handle_t h)
+{
+       return(omapi_handle_lookup_in(NULL, h, omapi_handle_table, CLEAR_HAND));
 }