[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Mon Apr 2 15:03:04 MDT 2012 

The branch, master has been updated
       via  c7a3b8a s4:smb_server/smb2: add missing 'return;' statements in smb2srv_chain_reply()
       via  d72641e s4:smb_server/smb2: after smbsrv_terminate_connection() we have to return
       via  e01d6f4 s4:smb_server/smb2: fix memory leak in smb2srv_chain_reply()
       via  dca4e6e s4:smb_server/smb2: use helper variable smb2srv_chain_reply()
       via  6865241 s4:smb_server/smb: remove a request from the list before adding the next one in a chain.
      from  831a97c s3: Notifies should never time out

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c7a3b8ae21523f6af2c3e3fea1a0d3fcf9706d4c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 26 13:50:44 2012 +0200

    s4:smb_server/smb2: add missing 'return;' statements in smb2srv_chain_reply()
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Mon Apr  2 23:02:53 CEST 2012 on sn-devel-104

commit d72641ef769da6cba8fd8422586121c79ad3af42
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 26 13:49:36 2012 +0200

    s4:smb_server/smb2: after smbsrv_terminate_connection() we have to return
    
    req is a talloc child of the connection...
    
    metze

commit e01d6f4af02160199a014b9ea3e05a56c47f9f1f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 26 13:48:51 2012 +0200

    s4:smb_server/smb2: fix memory leak in smb2srv_chain_reply()
    
    metze

commit dca4e6eb6e199e35b50a36ea3861a5d3429f6804
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 26 13:47:39 2012 +0200

    s4:smb_server/smb2: use helper variable smb2srv_chain_reply()
    
    metze

commit 6865241fdde71c5f7bbe85b3b88cb57ca14578b2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 19 23:52:25 2012 +0100

    s4:smb_server/smb: remove a request from the list before adding the next one in a chain.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source4/smb_server/smb/receive.c  |    1 +
 source4/smb_server/smb2/receive.c |   19 ++++++++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/smb_server/smb/receive.c b/source4/smb_server/smb/receive.c
index 8e3bab8..b100757 100644
--- a/source4/smb_server/smb/receive.c
+++ b/source4/smb_server/smb/receive.c
@@ -633,6 +633,7 @@ void smbsrv_chain_reply(struct smbsrv_request *req)
 	SSVAL(req->out.vwv, VWV(1), req->out.size - NBT_HDR_SIZE);
 
 	/* cleanup somestuff for the next request */
+	DLIST_REMOVE(req->smb_conn->requests, req);
 	talloc_free(req->ntvfs);
 	req->ntvfs = NULL;
 	talloc_free(req->io_ptr);
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index 141fdd8..3b54c97 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -155,6 +155,7 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req);
 static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 {
 	NTSTATUS status;
+	struct smbsrv_connection *smb_conn = p_req->smb_conn;
 	struct smb2srv_request *req;
 	uint32_t chain_offset;
 	uint32_t protocol_version;
@@ -163,6 +164,8 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 	uint32_t flags;
 	uint32_t last_hdr_offset;
 
+	talloc_steal(req, p_req);
+
 	last_hdr_offset = p_req->in.hdr - p_req->in.buffer;
 
 	chain_offset = p_req->chain_offset;
@@ -171,7 +174,7 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 	if (p_req->in.size < (last_hdr_offset + chain_offset + SMB2_MIN_SIZE_NO_BODY)) {
 		DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X from last hdr 0x%X\n",
 			chain_offset, last_hdr_offset));
-		smbsrv_terminate_connection(p_req->smb_conn, "Invalid SMB2 chained packet");
+		smbsrv_terminate_connection(smb_conn, "Invalid SMB2 chained packet");
 		return;
 	}
 
@@ -179,13 +182,13 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 	if (protocol_version != SMB2_MAGIC) {
 		DEBUG(2,("Invalid SMB chained packet: protocol prefix: 0x%08X\n",
 			 protocol_version));
-		smbsrv_terminate_connection(p_req->smb_conn, "NON-SMB2 chained packet");
+		smbsrv_terminate_connection(smb_conn, "NON-SMB2 chained packet");
 		return;
 	}
 
-	req = smb2srv_init_request(p_req->smb_conn);
+	req = smb2srv_init_request(smb_conn);
 	if (!req) {
-		smbsrv_terminate_connection(p_req->smb_conn, "SMB2 chained packet - no memory");
+		smbsrv_terminate_connection(smb_conn, "SMB2 chained packet - no memory");
 		return;
 	}
 
@@ -206,9 +209,11 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 		   other packet types */
 		uint16_t opcode	= SVAL(req->in.hdr, SMB2_HDR_OPCODE);
 		if (opcode == SMB2_OP_NEGPROT) {
-			smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot");			
+			smbsrv_terminate_connection(smb_conn, "Bad body size in SMB2 negprot");
+			return;
 		} else {
 			smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+			return;
 		}
 	}
 
@@ -248,8 +253,7 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 
 	status = smb2srv_reply(req);
 	if (!NT_STATUS_IS_OK(status)) {
-		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
-		talloc_free(req);
+		smbsrv_terminate_connection(smb_conn, nt_errstr(status));
 		return;
 	}
 }
@@ -284,6 +288,7 @@ void smb2srv_send_reply(struct smb2srv_request *req)
 	status = packet_send(req->smb_conn->packet, blob);
 	if (!NT_STATUS_IS_OK(status)) {
 		smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+		return;
 	}
 	if (req->chain_offset) {
 		smb2srv_chain_reply(req);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list