File pacemaker-libservices-use-after-free-freeing-an-operation.patch of Package pacemaker.14737
commit 933d46ef20591757301784773a37e06b78906584
Author: Ken Gaillot <kgaillot@redhat.com>
Date: Mon Feb 27 14:28:36 2017 -0600
Fix: libservices: prevent use-after-free when freeing an operation
diff --git a/lib/services/services.c b/lib/services/services.c
index 4020b7d00..78a078133 100644
--- a/lib/services/services.c
+++ b/lib/services/services.c
@@ -410,6 +410,16 @@ services_action_free(svc_action_t * op)
return;
}
+ /* The operation should be removed from all tracking lists by this point.
+ * If it's not, we have a bug somewhere, so bail. That may lead to a
+ * memory leak, but it's better than a use-after-free segmentation fault.
+ */
+ CRM_CHECK(g_list_find(inflight_ops, op) == NULL, return);
+ CRM_CHECK(g_list_find(blocked_ops, op) == NULL, return);
+ CRM_CHECK((recurring_actions == NULL)
+ || (g_hash_table_lookup(recurring_actions, op->id) == NULL),
+ return);
+
services_action_cleanup(op);
if (op->opaque->repeat_timer) {
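Review bot: The third check, `g_hash_table_lookup(recurring_actions, op->id) == NULL`, asks whether anything is registered under this id rather than whether `op` itself is still tracked, unlike the two `g_list_find` checks, which compare the pointer. If a different operation with the same id can be in the table (not visible here), an untracked `op` would be refused and leaked on every such free; assuming the table stores the operation pointer as its value, `g_hash_table_lookup(recurring_actions, op->id) != op` would narrow the guard to the dangling-reference case it is meant to stop. The lookup also passes `op->id` without a NULL check, so it is worth confirming that error paths which free a partially built operation always set the id first. services_action_free starts and ends outside the hunk.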