[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Thu Jun 30 11:36:35 MDT 2011 

The branch, v3-6-test has been updated
       via  4b094c2 Second part of fix for bug #8219 - SMB Panic from Windows 7 Client.
       via  501969a Fix bug #8219 - SMB Panic from Windows 7 Client
      from  44cfdd9 s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 4b094c2acdfe93fdce80adc6dc3df73cf2d3fae1
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Jun 29 09:56:47 2011 -0700

    Second part of fix for bug #8219 - SMB Panic from Windows 7 Client.
    
    Pass in the correct vector to the signing algorithm in an async
    response - we must start with vector[1] which has the SMB2_HDR_BODY
    length, not vector[0] which is the 4 byte packet length. Also
    note we're passing in 2 vectors not 3.
    
    Metze please review.

commit 501969a2b95b15fd9f8602b14a391e5096b17183
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jun 28 17:45:49 2011 -0700

    Fix bug #8219 - SMB Panic from Windows 7 Client
    
    Caused by referencing an uninitialized variable in the
    duplicated struct smbd_smb2_request when sending a signed
    intermediate reply.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smb2_server.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 7cbe90a..0944e57 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -665,10 +665,18 @@ static struct smbd_smb2_request *dup_smb2_req(const struct smbd_smb2_request *re
 	}
 
 	newreq->sconn = req->sconn;
+	newreq->session = req->session;
 	newreq->do_signing = req->do_signing;
 	newreq->current_idx = req->current_idx;
 	newreq->async = false;
 	newreq->cancelled = false;
+	/* Note we are leaving:
+		->tcon
+		->smb1req
+		->compat_chain_fsp
+	   uninitialized as NULL here as
+	   they're not used in the interim
+	   response code. JRA. */
 
 	outvec = talloc_zero_array(newreq, struct iovec, count);
 	if (!outvec) {
@@ -915,7 +923,7 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req,
 
 	if (req->do_signing) {
 		status = smb2_signing_sign_pdu(req->session->session_key,
-					state->vector, 3);
+					&state->vector[1], 2);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}


-- 
Samba Shared Repository

More information about the samba-cvs mailing list