[SCM] Samba Shared Repository - branch master updated

Ralph Böhme slow at samba.org
Wed Sep 30 11:19:09 UTC 2020 

The branch, master has been updated
       via  fca8cb63762 s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE().
      from  d53c91db3c7 s3:util:net_conf - allow empty path for [homes]

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit fca8cb63762faff54cda243c1ed8217b36333131
Author: Jeremy Allison <jra at samba.org>
Date:   Sat Sep 26 22:14:33 2020 -0700

    s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE().
    
    They may have been carefully set by the aio_del_req_from_fsp()
    destructor so we must not overwrite here.
    
    Found via some *amazing* debugging work from Ashok Ramakrishnan <aramakrishnan at nasuni.com>.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Wed Sep 30 11:18:43 UTC 2020 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/close.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 68154a61ab5..9974877edc2 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -666,7 +666,19 @@ static void assert_no_pending_aio(struct files_struct *fsp,
 		 * fsp->aio_requests[x], causing a crash.
 		 */
 		while (fsp->num_aio_requests != 0) {
-			TALLOC_FREE(fsp->aio_requests[0]);
+			/*
+			 * NB. We *MUST* use
+			 * talloc_free(fsp->aio_requests[0]),
+			 * and *NOT* TALLOC_FREE() here, as
+			 * TALLOC_FREE(fsp->aio_requests[0])
+			 * will overwrite any new contents of
+			 * fsp->aio_requests[0] that were
+			 * copied into it via the destructor
+			 * aio_del_req_from_fsp().
+			 *
+			 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515
+			 */
+			talloc_free(fsp->aio_requests[0]);
 		}
 		return;
 	}


-- 
Samba Shared Repository

More information about the samba-cvs mailing list