svn commit: samba r13081 - branches/SAMBA_3_0/source/nmbd
branches/SAMBA_3_0/source/rpc_server
branches/SAMBA_3_0/source/utils trunk/source/nmbd
jerry at samba.org
jerry at samba.org
Mon Jan 23 14:02:23 GMT 2006
Author: jerry
Date: 2006-01-23 14:02:17 +0000 (Mon, 23 Jan 2006)
New Revision: 13081
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13081
Log:
correct fix for the segv in nmbd caused by a double free on namerec.
Modified:
branches/SAMBA_3_0/source/nmbd/nmbd_namelistdb.c
branches/SAMBA_3_0/source/nmbd/nmbd_winsserver.c
branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c
branches/SAMBA_3_0/source/utils/status.c
trunk/source/nmbd/nmbd_namelistdb.c
trunk/source/nmbd/nmbd_winsserver.c
Changeset:
Modified: branches/SAMBA_3_0/source/nmbd/nmbd_namelistdb.c
===================================================================
--- branches/SAMBA_3_0/source/nmbd/nmbd_namelistdb.c 2006-01-23 12:55:22 UTC (rev 13080)
+++ branches/SAMBA_3_0/source/nmbd/nmbd_namelistdb.c 2006-01-23 14:02:17 UTC (rev 13081)
@@ -80,14 +80,13 @@
void remove_name_from_namelist(struct subnet_record *subrec,
struct name_record *namerec )
{
- if (subrec == wins_server_subnet) {
+ if (subrec == wins_server_subnet)
remove_name_from_wins_namelist(namerec);
- return;
- }
+ else {
+ subrec->namelist_changed = True;
+ DLIST_REMOVE(subrec->namelist, namerec);
+ }
- subrec->namelist_changed = True;
-
- DLIST_REMOVE(subrec->namelist, namerec);
SAFE_FREE(namerec->data.ip);
ZERO_STRUCTP(namerec);
SAFE_FREE(namerec);
Modified: branches/SAMBA_3_0/source/nmbd/nmbd_winsserver.c
===================================================================
--- branches/SAMBA_3_0/source/nmbd/nmbd_winsserver.c 2006-01-23 12:55:22 UTC (rev 13080)
+++ branches/SAMBA_3_0/source/nmbd/nmbd_winsserver.c 2006-01-23 14:02:17 UTC (rev 13081)
@@ -290,8 +290,9 @@
DLIST_REMOVE(wins_server_subnet->namelist, namerec);
SAFE_FREE(namerec->data.ip);
- ZERO_STRUCTP(namerec);
- SAFE_FREE(namerec);
+
+ /* namerec must be freed by the caller */
+
return (ret == 0) ? True : False;
}
Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c 2006-01-23 12:55:22 UTC (rev 13080)
+++ branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c 2006-01-23 14:02:17 UTC (rev 13081)
@@ -2,8 +2,8 @@
* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-1997,
- * Copyright (C) Jeremy Allison 2001.
- * Copyright (C) Nigel Williams 2001.
+ * Copyright (C) Jeremy Allison 2001.
+ * Copyright (C) Nigel Williams 2001.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -1539,6 +1539,7 @@
SEC_DESC *psd = NULL;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
BOOL is_disk_op = False;
+ int max_connections = 0;
DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
@@ -1583,6 +1584,7 @@
unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(comment));
unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(pathname));
type = q_u->info.share.info2.info_2.type;
+ max_connections = (q_u->info.share.info2.max_uses == 0xffffffff) ? 0 : q_u->info.share.info2.max_uses;
psd = NULL;
break;
#if 0
@@ -1658,8 +1660,8 @@
return WERR_ACCESS_DENIED;
}
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
+ slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" %d",
+ lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment, max_connections );
DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
@@ -1951,16 +1953,17 @@
TIME_OF_DAY_INFO *tod;
struct tm *t;
time_t unixdate = time(NULL);
+
/* We do this call first as if we do it *after* the gmtime call
it overwrites the pointed-to values. JRA */
+
uint32 zone = get_time_zone(unixdate)/60;
- tod = TALLOC_P(p->mem_ctx, TIME_OF_DAY_INFO);
- if (!tod)
+ DEBUG(5,("_srv_net_remote_tod: %d\n", __LINE__));
+
+ if ( !(tod = TALLOC_ZERO_P(p->mem_ctx, TIME_OF_DAY_INFO)) )
return WERR_NOMEM;
- ZERO_STRUCTP(tod);
-
r_u->tod = tod;
r_u->ptr_srv_tod = 0x1;
r_u->status = WERR_OK;
Modified: branches/SAMBA_3_0/source/utils/status.c
===================================================================
--- branches/SAMBA_3_0/source/utils/status.c 2006-01-23 12:55:22 UTC (rev 13080)
+++ branches/SAMBA_3_0/source/utils/status.c 2006-01-23 14:02:17 UTC (rev 13081)
@@ -103,13 +103,13 @@
static int count;
if (count==0) {
d_printf("Locked files:\n");
- d_printf("Pid DenyMode Access R/W Oplock SharePath Name\n");
- d_printf("----------------------------------------------------------------------------------\n");
+ d_printf("Pid DenyMode Access R/W Oplock SharePath Name\n");
+ d_printf("----------------------------------------------------------------------------------------\n");
}
count++;
if (Ucrit_checkPid(procid_to_pid(&e->pid))) {
- d_printf("%s ",procid_str_static(&e->pid));
+ d_printf("%-11s ",procid_str_static(&e->pid));
switch (map_share_mode_to_deny_mode(e->share_access,
e->private_options)) {
case DENY_NONE: d_printf("DENY_NONE "); break;
@@ -166,7 +166,7 @@
}
count++;
- d_printf("%s %05x:%05x %s %9.0f %9.0f\n",
+ d_printf("%08s %05x:%05x %s %9.0f %9.0f\n",
procid_str_static(&pid), (int)dev, (int)ino,
lock_type==READ_LOCK?"R":"W",
(double)start, (double)size);
Modified: trunk/source/nmbd/nmbd_namelistdb.c
===================================================================
--- trunk/source/nmbd/nmbd_namelistdb.c 2006-01-23 12:55:22 UTC (rev 13080)
+++ trunk/source/nmbd/nmbd_namelistdb.c 2006-01-23 14:02:17 UTC (rev 13081)
@@ -80,14 +80,13 @@
void remove_name_from_namelist(struct subnet_record *subrec,
struct name_record *namerec )
{
- if (subrec == wins_server_subnet) {
+ if (subrec == wins_server_subnet)
remove_name_from_wins_namelist(namerec);
- return;
- }
+ else {
+ subrec->namelist_changed = True;
+ DLIST_REMOVE(subrec->namelist, namerec);
+ }
- subrec->namelist_changed = True;
-
- DLIST_REMOVE(subrec->namelist, namerec);
SAFE_FREE(namerec->data.ip);
ZERO_STRUCTP(namerec);
SAFE_FREE(namerec);
Modified: trunk/source/nmbd/nmbd_winsserver.c
===================================================================
--- trunk/source/nmbd/nmbd_winsserver.c 2006-01-23 12:55:22 UTC (rev 13080)
+++ trunk/source/nmbd/nmbd_winsserver.c 2006-01-23 14:02:17 UTC (rev 13081)
@@ -290,8 +290,9 @@
DLIST_REMOVE(wins_server_subnet->namelist, namerec);
SAFE_FREE(namerec->data.ip);
- ZERO_STRUCTP(namerec);
- SAFE_FREE(namerec);
+
+ /* namerec must be freed by the caller */
+
return (ret == 0) ? True : False;
}
More information about the samba-cvs
mailing list