svn commit: samba r13081 - branches/SAMBA_3_0/source/nmbd branches/SAMBA_3_0/source/rpc_server branches/SAMBA_3_0/source/utils trunk/source/nmbd

jerry at samba.org jerry at samba.org
Mon Jan 23 14:02:23 GMT 2006 

Author: jerry
Date: 2006-01-23 14:02:17 +0000 (Mon, 23 Jan 2006)
New Revision: 13081

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13081

Log:
correct fix for the segv in nmbd caused by a double free on namerec.


Modified:
   branches/SAMBA_3_0/source/nmbd/nmbd_namelistdb.c
   branches/SAMBA_3_0/source/nmbd/nmbd_winsserver.c
   branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c
   branches/SAMBA_3_0/source/utils/status.c
   trunk/source/nmbd/nmbd_namelistdb.c
   trunk/source/nmbd/nmbd_winsserver.c


Changeset:
Modified: branches/SAMBA_3_0/source/nmbd/nmbd_namelistdb.c
===================================================================
--- branches/SAMBA_3_0/source/nmbd/nmbd_namelistdb.c	2006-01-23 12:55:22 UTC (rev 13080)
+++ branches/SAMBA_3_0/source/nmbd/nmbd_namelistdb.c	2006-01-23 14:02:17 UTC (rev 13081)
@@ -80,14 +80,13 @@
 void remove_name_from_namelist(struct subnet_record *subrec, 
 				struct name_record *namerec )
 {
-	if (subrec == wins_server_subnet) {
+	if (subrec == wins_server_subnet) 
 		remove_name_from_wins_namelist(namerec);
-		return;
-	} 
+	else {
+		subrec->namelist_changed = True;
+		DLIST_REMOVE(subrec->namelist, namerec);
+	}
 
-	subrec->namelist_changed = True;
-
-	DLIST_REMOVE(subrec->namelist, namerec);
 	SAFE_FREE(namerec->data.ip);
 	ZERO_STRUCTP(namerec);
 	SAFE_FREE(namerec);

Modified: branches/SAMBA_3_0/source/nmbd/nmbd_winsserver.c
===================================================================
--- branches/SAMBA_3_0/source/nmbd/nmbd_winsserver.c	2006-01-23 12:55:22 UTC (rev 13080)
+++ branches/SAMBA_3_0/source/nmbd/nmbd_winsserver.c	2006-01-23 14:02:17 UTC (rev 13081)
@@ -290,8 +290,9 @@
 
 	DLIST_REMOVE(wins_server_subnet->namelist, namerec);
 	SAFE_FREE(namerec->data.ip);
-	ZERO_STRUCTP(namerec);
-	SAFE_FREE(namerec);
+
+	/* namerec must be freed by the caller */
+
 	return (ret == 0) ? True : False;
 }
 

Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c	2006-01-23 12:55:22 UTC (rev 13080)
+++ branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c	2006-01-23 14:02:17 UTC (rev 13081)
@@ -2,8 +2,8 @@
  *  Unix SMB/CIFS implementation.
  *  RPC Pipe client / server routines
  *  Copyright (C) Andrew Tridgell              1992-1997,
- *  Copyright (C) Jeremy Allison					2001.
- *  Copyright (C) Nigel Williams					2001.
+ *  Copyright (C) Jeremy Allison               2001.
+ *  Copyright (C) Nigel Williams               2001.
  *  
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -1539,6 +1539,7 @@
 	SEC_DESC *psd = NULL;
 	SE_PRIV se_diskop = SE_DISK_OPERATOR;
 	BOOL is_disk_op = False;
+	int max_connections = 0;
 
 	DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
 
@@ -1583,6 +1584,7 @@
 		unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(comment));
 		unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(pathname));
 		type = q_u->info.share.info2.info_2.type;
+		max_connections = (q_u->info.share.info2.max_uses == 0xffffffff) ? 0 : q_u->info.share.info2.max_uses;
 		psd = NULL;
 		break;
 #if 0
@@ -1658,8 +1660,8 @@
 			return WERR_ACCESS_DENIED;
 		}
 
-		slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
-				lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
+		slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" %d",
+				lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment, max_connections ); 
 
 		DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
 				
@@ -1951,16 +1953,17 @@
 	TIME_OF_DAY_INFO *tod;
 	struct tm *t;
 	time_t unixdate = time(NULL);
+
 	/* We do this call first as if we do it *after* the gmtime call
 	   it overwrites the pointed-to values. JRA */
+
 	uint32 zone = get_time_zone(unixdate)/60;
 
-	tod = TALLOC_P(p->mem_ctx, TIME_OF_DAY_INFO);
-	if (!tod)
+	DEBUG(5,("_srv_net_remote_tod: %d\n", __LINE__));
+
+	if ( !(tod = TALLOC_ZERO_P(p->mem_ctx, TIME_OF_DAY_INFO)) )
 		return WERR_NOMEM;
 
-	ZERO_STRUCTP(tod);
- 
 	r_u->tod = tod;
 	r_u->ptr_srv_tod = 0x1;
 	r_u->status = WERR_OK;

Modified: branches/SAMBA_3_0/source/utils/status.c
===================================================================
--- branches/SAMBA_3_0/source/utils/status.c	2006-01-23 12:55:22 UTC (rev 13080)
+++ branches/SAMBA_3_0/source/utils/status.c	2006-01-23 14:02:17 UTC (rev 13081)
@@ -103,13 +103,13 @@
 	static int count;
 	if (count==0) {
 		d_printf("Locked files:\n");
-		d_printf("Pid    DenyMode   Access      R/W        Oplock           SharePath           Name\n");
-		d_printf("----------------------------------------------------------------------------------\n");
+		d_printf("Pid          DenyMode   Access      R/W        Oplock           SharePath           Name\n");
+		d_printf("----------------------------------------------------------------------------------------\n");
 	}
 	count++;
 
 	if (Ucrit_checkPid(procid_to_pid(&e->pid))) {
-		d_printf("%s  ",procid_str_static(&e->pid));
+		d_printf("%-11s  ",procid_str_static(&e->pid));
 		switch (map_share_mode_to_deny_mode(e->share_access,
 						    e->private_options)) {
 			case DENY_NONE: d_printf("DENY_NONE  "); break;
@@ -166,7 +166,7 @@
 	}
 	count++;
 
-	d_printf("%s   %05x:%05x    %s  %9.0f   %9.0f\n", 
+	d_printf("%08s   %05x:%05x    %s  %9.0f   %9.0f\n", 
 	       procid_str_static(&pid), (int)dev, (int)ino, 
 	       lock_type==READ_LOCK?"R":"W",
 	       (double)start, (double)size);

Modified: trunk/source/nmbd/nmbd_namelistdb.c
===================================================================
--- trunk/source/nmbd/nmbd_namelistdb.c	2006-01-23 12:55:22 UTC (rev 13080)
+++ trunk/source/nmbd/nmbd_namelistdb.c	2006-01-23 14:02:17 UTC (rev 13081)
@@ -80,14 +80,13 @@
 void remove_name_from_namelist(struct subnet_record *subrec, 
 				struct name_record *namerec )
 {
-	if (subrec == wins_server_subnet) {
+	if (subrec == wins_server_subnet) 
 		remove_name_from_wins_namelist(namerec);
-		return;
-	} 
+	else {
+		subrec->namelist_changed = True;
+		DLIST_REMOVE(subrec->namelist, namerec);
+	}
 
-	subrec->namelist_changed = True;
-
-	DLIST_REMOVE(subrec->namelist, namerec);
 	SAFE_FREE(namerec->data.ip);
 	ZERO_STRUCTP(namerec);
 	SAFE_FREE(namerec);

Modified: trunk/source/nmbd/nmbd_winsserver.c
===================================================================
--- trunk/source/nmbd/nmbd_winsserver.c	2006-01-23 12:55:22 UTC (rev 13080)
+++ trunk/source/nmbd/nmbd_winsserver.c	2006-01-23 14:02:17 UTC (rev 13081)
@@ -290,8 +290,9 @@
 
 	DLIST_REMOVE(wins_server_subnet->namelist, namerec);
 	SAFE_FREE(namerec->data.ip);
-	ZERO_STRUCTP(namerec);
-	SAFE_FREE(namerec);
+
+	/* namerec must be freed by the caller */
+
 	return (ret == 0) ? True : False;
 }

More information about the samba-cvs mailing list