[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue Jun 8 22:22:12 MDT 2010


The branch, master has been updated
       via  34a8324... Fix a valgrind error found by SMB2-COMPOUND test.
      from  0c5d0e1... Second part of fix for 7501 - SMB2: CREATE request replies getting mangled.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 34a8324409961c4837e83c714fb1a285f238312d
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jun 8 21:20:07 2010 -0700

    Fix a valgrind error found by SMB2-COMPOUND test.
    
    If a file is closed we must also NULL out all chained_fsp
    pointers when the fsp is freed to prevent invalid pointer
    access.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/files.c     |    8 ++++++++
 source3/smbd/globals.h   |    3 +++
 source3/smbd/smb2_glue.c |   20 ++++++++++++++++++++
 3 files changed, 31 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 43956e3..7ad5ce3 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -503,6 +503,14 @@ void file_free(struct smb_request *req, files_struct *fsp)
 		req->chain_fsp = NULL;
 	}
 
+	/*
+	 * Clear all possible chained fsp
+	 * pointers in the SMB2 request queue.
+	 */
+	if (req != NULL && req->smb2req) {
+		remove_smb2_chained_fsp(fsp);
+	}
+
 	/* Closing a file can invalidate the positive cache. */
 	if (fsp == fsp_fi_cache.fsp) {
 		ZERO_STRUCT(fsp_fi_cache);
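Review bot: The guard `if (req != NULL && req->smb2req)` clears the queued pointers only when the close arrives on an SMB2 request, so an fsp freed with `req == NULL` would leave any matching `compat_chain_fsp` in the SMB2 queue dangling. That is the same invalid access this commit fixes. Whether such a path can run while SMB2 requests are queued is not visible from this hunk, so treat this as something to confirm. The loop in `remove_smb2_chained_fsp()` does nothing on an empty queue, so the simpler and safer form is to call `remove_smb2_chained_fsp(fsp);` unconditionally, provided the helper tolerates a connection with no SMB2 state. The body of file_free starts before this hunk and continues past it.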
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 9df2554..3533d60 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -277,6 +277,7 @@ NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req);
 NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req);
 
 struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req);
+void remove_smb2_chained_fsp(files_struct *fsp);
 
 NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req);
 NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *req);
@@ -353,6 +354,8 @@ struct smbd_smb2_request {
 	bool async;
 	bool cancelled;
 
+	/* fake smb1 request. */
+	struct smb_request *smb1req;
 	struct files_struct *compat_chain_fsp;
 
 	NTSTATUS next_status;
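Review bot: The comment `/* fake smb1 request. */` on the new `smb1req` member does not say who owns the pointer or when it stops being valid, and `remove_smb2_chained_fsp()` now dereferences it for every queued request. If the fake request can be freed before its `smbd_smb2_request` (the allocation is outside this diff), the new back-pointer becomes a stale pointer itself. I would extend the comment to something like `/* fake smb1 request; must stay valid for the lifetime of this smb2 request, walked by remove_smb2_chained_fsp() */`. The struct definition starts before this hunk and continues past it.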
diff --git a/source3/smbd/smb2_glue.c b/source3/smbd/smb2_glue.c
index d6252ef..8b595af 100644
--- a/source3/smbd/smb2_glue.c
+++ b/source3/smbd/smb2_glue.c
@@ -49,6 +49,26 @@ struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req)
 	smbreq->mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
 	smbreq->chain_fsp = req->compat_chain_fsp;
 	smbreq->smb2req = req;
+	req->smb1req = smbreq;
 
 	return smbreq;
 }
+
+/*********************************************************
+ Called from file_free() to remove any chained fsp pointers.
+*********************************************************/
+
+void remove_smb2_chained_fsp(files_struct *fsp)
+{
+	struct smbd_server_connection *sconn = smbd_server_conn;
+	struct smbd_smb2_request *smb2req;
+
+	for (smb2req = sconn->smb2.requests; smb2req; smb2req = smb2req->next) {
+		if (smb2req->compat_chain_fsp == fsp) {
+			smb2req->compat_chain_fsp = NULL;
+		}
+		if (smb2req->smb1req && smb2req->smb1req->chain_fsp == fsp) {
+			smb2req->smb1req->chain_fsp = NULL;
+		}
+	}
+}
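Review bot: `req->smb1req = smbreq;` keeps only the most recently created fake request, so `remove_smb2_chained_fsp()` can reset `chain_fsp` on just that one. If `smbd_smb2_fake_smb_request()` is called more than once for the same `smbd_smb2_request` (not visible here), earlier fake requests that are still referenced keep a `chain_fsp` pointing at the freed fsp. The helper also walks only the queue of the global `smbd_server_conn` and dereferences `sconn` without a check, which is safe only because of the `req->smb2req` guard in the caller. I would record both assumptions in the banner comment, for example `Only clears requests queued on smbd_server_conn, and only the latest fake smb1 request per smb2 request.` The start of `smbd_smb2_fake_smb_request()` is outside the hunk.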


-- 
Samba Shared Repository

