From d16b427bc946660da1b5a4421aacb585dd0a07ad Mon Sep 17 00:00:00 2001
From: midipix
Date: Jan 16 2017 06:52:26 +0000
Subject: __ntapi_dsr_start_impl(): copy the loop routine addr and ctx onto the stack.

Since params might point to an address on the stack of the thread which called __ntapi_dsr_init(), and given that __ntapi_dsr_init() returns as soon as the internal client connection had been established, we may not access params upon return from __ntapi_dsr_connect_internal_client().

---

diff --git a/src/daemon/ntapi_dsr_init.c b/src/daemon/ntapi_dsr_init.c
index b54131e..f556f0b 100644
--- a/src/daemon/ntapi_dsr_init.c
+++ b/src/daemon/ntapi_dsr_init.c
@@ -145,8 +145,10 @@ static int32_t __ntapi_dsr_start_impl(nt_daemon_params * params)
 {
 	int32_t status;
 	void * ctx;
+	int32_t (*loop)(void *);
 
-	ctx = params->daemon_loop_context;
+	ctx = params->daemon_loop_context;
+	loop = params->daemon_loop_routine;
 
 	if ((status = __ntapi_dsr_once(params)))
 		return status;
@@ -157,7 +159,7 @@ static int32_t __ntapi_dsr_start_impl(nt_daemon_params * params)
 	if ((status = __ntapi_dsr_connect_internal_client(params)))
 		return status;
 
-	if ((status = params->daemon_loop_routine(ctx)))
+	if ((status = loop(ctx)))
 		return status;
 
 	return NT_STATUS_SUCCESS;
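Review bot: The lifetime invariant that motivates the new `loop` local lives only in the commit message; nothing at the two copies in the first hunk tells a maintainer why `params->daemon_loop_routine` and `params->daemon_loop_context` are snapshotted up front, so a later edit could reintroduce a `params->` dereference after the connect call and silently bring back the use-after-return. I would add, above `ctx = params->daemon_loop_context;`, a comment such as `/* params may live on the stack of the thread that called __ntapi_dsr_init(), which returns once the internal client is connected; cache everything needed past that point here */`. The rest of __ntapi_dsr_start_impl continues beyond this hunk.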
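Review bot: The call `__ntapi_dsr_connect_internal_client(params)` in the second hunk is the last point at which `params` may be read, and the hunk leaves that boundary unmarked; a one-line comment on that call, `/* params must not be dereferenced after this returns */`, would make the contract the commit relies on visible at the site it applies to. It is also worth confirming that the helper itself does not touch `params` after it has signalled the connection to the waiting caller, since that window would carry the same hazard inside the helper — not visible from this hunk. The function's closing brace lies outside the hunk.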