svn commit: samba r11635 - in branches/SAMBA_4_0/source/libcli/raw:
.
metze at samba.org
metze at samba.org
Thu Nov 10 09:12:38 GMT 2005
Author: metze
Date: 2005-11-10 09:12:36 +0000 (Thu, 10 Nov 2005)
New Revision: 11635
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11635
Log:
fix a handling of packet_send in the smb client lib
this was cause of the PANIC on the build farm on metze01
as we use req->out.buffer from the old request in the smb_raw_ntcancel()
and send a 0 TID, that causes our server code to crash
(a fix for the server code will follow)
metze
Modified:
branches/SAMBA_4_0/source/libcli/raw/clitransport.c
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2005-11-10 07:12:17 UTC (rev 11634)
+++ branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2005-11-10 09:12:36 UTC (rev 11635)
@@ -559,7 +559,16 @@
return;
}
- /* put it on the socket queue */
+ /* put it on the socket queue
+ * - as the buffer is a part of the smbcli_request struct
+ * we need to reference it here, because packet_queue_run()
+ * will call talloc_free() on it
+ */
+ if (!talloc_reference(req, req->out.buffer)) {
+ req->state = SMBCLI_REQUEST_ERROR;
+ req->status = NT_STATUS_NO_MEMORY;
+ return;
+ }
blob = data_blob_const(req->out.buffer, req->out.size);
status = packet_send(req->transport->packet, blob);
if (!NT_STATUS_IS_OK(status)) {
More information about the samba-cvs
mailing list