From 5b92829d6c20ab550aca6c0b273618577ea92b23 Mon Sep 17 00:00:00 2001
From: Tim Serong <tserong@novell.com>
Date: Fri, 15 Apr 2011 10:40:11 +1000
Subject: [PATCH] Add ipc_refcnt to message_handler_req_{exec,
 lib}_cfg_ringreenable()

Without refcounting the conn pointer here, corosync will segfault
if one kills a running instance of "corosync-cfgtool -r" (rhbz#695191)

Signed-off-by: Tim Serong <tserong@novell.com>
Reviewed-by: Steven Dake <sdake@redhat.com>
---
 services/cfg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/services/cfg.c b/services/cfg.c
index 950f2e96..b7aa63b4 100644
--- a/services/cfg.c
+++ b/services/cfg.c
@@ -584,6 +584,8 @@ static void message_handler_req_exec_cfg_ringreenable (
 			req_exec_cfg_ringreenable->source.conn,
 			&res_lib_cfg_ringreenable,
 			sizeof (struct res_lib_cfg_ringreenable));
+
+		api->ipc_refcnt_dec(req_exec_cfg_ringreenable->source.conn);
 	}
 	LEAVE();
 }
@@ -704,6 +706,7 @@ static void message_handler_req_lib_cfg_ringreenable (
 	req_exec_cfg_ringreenable.header.id = SERVICE_ID_MAKE (CFG_SERVICE,
 		MESSAGE_REQ_EXEC_CFG_RINGREENABLE);
 	api->ipc_source_set (&req_exec_cfg_ringreenable.source, conn);
+	api->ipc_refcnt_inc(conn);
 
 	iovec.iov_base = (char *)&req_exec_cfg_ringreenable;
 	iovec.iov_len = sizeof (struct req_exec_cfg_ringreenable);