svn commit: samba r4935 - in branches/SAMBA_4_0/source/libcli/composite: .

tridge at samba.org tridge at samba.org
Sun Jan 23 00:51:22 GMT 2005


Author: tridge
Date: 2005-01-23 00:51:20 +0000 (Sun, 23 Jan 2005)
New Revision: 4935

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4935

Log:
fixed a bug where "c->status = xxx_handler(x);" could write to c after
it is freed. The problem is that the handler might complete the
request and call the c->async.fn() async handler. That handler
might free the request handle.

Modified:
   branches/SAMBA_4_0/source/libcli/composite/connect.c
   branches/SAMBA_4_0/source/libcli/composite/loadfile.c
   branches/SAMBA_4_0/source/libcli/composite/savefile.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/composite/connect.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/composite/connect.c	2005-01-22 17:12:33 UTC (rev 4934)
+++ branches/SAMBA_4_0/source/libcli/composite/connect.c	2005-01-23 00:51:20 UTC (rev 4935)
@@ -277,29 +277,31 @@
 static void state_handler(struct smbcli_composite *c)
 {
 	struct connect_state *state = talloc_get_type(c->private, struct connect_state);
+	NTSTATUS status;
 
 	switch (state->stage) {
 	case CONNECT_RESOLVE:
-		c->status = connect_resolve(c, state->io);
+		status = connect_resolve(c, state->io);
 		break;
 	case CONNECT_SOCKET:
-		c->status = connect_socket(c, state->io);
+		status = connect_socket(c, state->io);
 		break;
 	case CONNECT_SESSION_REQUEST:
-		c->status = connect_session_request(c, state->io);
+		status = connect_session_request(c, state->io);
 		break;
 	case CONNECT_NEGPROT:
-		c->status = connect_negprot(c, state->io);
+		status = connect_negprot(c, state->io);
 		break;
 	case CONNECT_SESSION_SETUP:
-		c->status = connect_session_setup(c, state->io);
+		status = connect_session_setup(c, state->io);
 		break;
 	case CONNECT_TCON:
-		c->status = connect_tcon(c, state->io);
+		status = connect_tcon(c, state->io);
 		break;
 	}
 
-	if (!NT_STATUS_IS_OK(c->status)) {
+	if (!NT_STATUS_IS_OK(status)) {
+		c->status = status;
 		c->state = SMBCLI_REQUEST_ERROR;
 		if (c->async.fn) {
 			c->async.fn(c);
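Review bot: `status` is declared without an initialiser in state_handler and the switch on `state->stage` has no `default:`, so a stage value outside the six cases, if one can ever occur, reaches `NT_STATUS_IS_OK(status)` with an indeterminate value; before this change that path read the stored `c->status`. Adding `default: status = NT_STATUS_INTERNAL_ERROR; break;` makes an unexpected stage fail the request rather than depend on stack contents, and it is safe to write to `c` there because no stage function has run. The loadfile.c and savefile.c handlers in this commit have the same uninitialised local and no default case. The function body continues past the end of the hunk, so what follows the error branch is not visible here.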

Modified: branches/SAMBA_4_0/source/libcli/composite/loadfile.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/composite/loadfile.c	2005-01-22 17:12:33 UTC (rev 4934)
+++ branches/SAMBA_4_0/source/libcli/composite/loadfile.c	2005-01-23 00:51:20 UTC (rev 4935)
@@ -185,24 +185,26 @@
 {
 	struct smbcli_composite *c = req->async.private;
 	struct loadfile_state *state = talloc_get_type(c->private, struct loadfile_state);
+	NTSTATUS status;
 
 	/* when this handler is called, the stage indicates what
 	   call has just finished */
 	switch (state->stage) {
 	case LOADFILE_OPEN:
-		c->status = loadfile_open(c, state->io);
+		status = loadfile_open(c, state->io);
 		break;
 
 	case LOADFILE_READ:
-		c->status = loadfile_read(c, state->io);
+		status = loadfile_read(c, state->io);
 		break;
 
 	case LOADFILE_CLOSE:
-		c->status = loadfile_close(c, state->io);
+		status = loadfile_close(c, state->io);
 		break;
 	}
 
-	if (!NT_STATUS_IS_OK(c->status)) {
+	if (!NT_STATUS_IS_OK(status)) {
+		c->status = status;
 		c->state = SMBCLI_REQUEST_ERROR;
 		if (c->async.fn) {
 			c->async.fn(c);
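Review bot: Nothing in the handler records why the result goes into a local rather than straight into `c->status`, so a later cleanup could restore the direct assignment and reintroduce the write after free. A comment above the declaration would cover it, e.g. `/* keep the result in a local: a stage function may complete the request and the async callback may free c */`. It would also help to state that `c` must not be touched after the switch unless `status` is an error, which appears to rely on stage functions never completing the request when they return failure; that is worth confirming against the stage functions, which are not shown. The handlers in connect.c and savefile.c would take the same comment, and this function starts and ends outside the hunk.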
@@ -291,3 +293,4 @@
 	struct smbcli_composite *c = smb_composite_loadfile_send(tree, io);
 	return smb_composite_loadfile_recv(c, mem_ctx);
 }
+

Modified: branches/SAMBA_4_0/source/libcli/composite/savefile.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/composite/savefile.c	2005-01-22 17:12:33 UTC (rev 4934)
+++ branches/SAMBA_4_0/source/libcli/composite/savefile.c	2005-01-23 00:51:20 UTC (rev 4935)
@@ -186,24 +186,26 @@
 {
 	struct smbcli_composite *c = req->async.private;
 	struct savefile_state *state = talloc_get_type(c->private, struct savefile_state);
+	NTSTATUS status;
 
 	/* when this handler is called, the stage indicates what
 	   call has just finished */
 	switch (state->stage) {
 	case SAVEFILE_OPEN:
-		c->status = savefile_open(c, state->io);
+		status = savefile_open(c, state->io);
 		break;
 
 	case SAVEFILE_WRITE:
-		c->status = savefile_write(c, state->io);
+		status = savefile_write(c, state->io);
 		break;
 
 	case SAVEFILE_CLOSE:
-		c->status = savefile_close(c, state->io);
+		status = savefile_close(c, state->io);
 		break;
 	}
 
-	if (!NT_STATUS_IS_OK(c->status)) {
+	if (!NT_STATUS_IS_OK(status)) {
+		c->status = status;
 		c->state = SMBCLI_REQUEST_ERROR;
 		if (c->async.fn) {
 			c->async.fn(c);


