From 12fc029c6be574bd438c1065fa88bbddc08d4032 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 23 Sep 2013 14:10:27 -0700
Subject: [PATCH] When a session is invalidated then we must also ensure it
 isn't used in any pending requests being processed.

Signed-off-by: Jeremy Allison <jra@samba.org>
---
 source3/smbd/smb2_sesssetup.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index dd243c9..cb8f847 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -457,6 +457,8 @@ static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state **pp_stat
 
 static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state *state)
 {
+	struct smbd_smb2_request *preq;
+
 	/*
 	 * If state->session is not NULL,
 	 * we move the session from the session table to the request on failure
@@ -471,6 +473,27 @@ static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_set
 	state->session->status = NT_STATUS_USER_SESSION_DELETED;
 	state->smb2req->session = talloc_move(state->smb2req, &state->session);
 
+	/*
+	 * We've made this session owned by the current request.
+	 * Ensure that any outstanding requests don't also refer
+	 * to it.
+	 */
+
+	for (preq = state->smb2req->sconn->smb2.requests; preq != NULL; preq = preq->next) {
+		if (preq == state->smb2req) {
+			continue;
+		}
+		if (preq->session == state->smb2req->session) {
+			preq->session = NULL;
+			/*
+			 * If we no longer have a session we can't
+			 * sign or encrypt replies.
+			 */
+			preq->do_signing = false;
+			preq->do_encryption = false;
+		}
+	}
+
 	return 0;
 }
 
-- 
1.8.1.2