[PATCH] Version 2: Patchset for bug #10344 - SessionLogoff on a signed connection with an outstanding notify request crashes smbd.

Jeremy Allison jra at samba.org
Tue Mar 11 15:34:42 MDT 2014


On Tue, Mar 11, 2014 at 01:59:08PM -0700, Jeremy Allison wrote:
> 
> Sorry - this is a really long reply. But it covers
> a lot of ground (and I think I've found a bug in
> metze.diff also - more on that below).
> 
> Metze if you want to jump to the bug in the logic
> in your patch just search for :
>
> ******METZE***BUG***ALERT***********
> 
> below :-).

OK, I'm wrong. Sorry. I went through
lib/tevent/tevent_queue.c again really
carefully (yet again... :-) and I had
missed the case that when struct tevent_queue_entry *e
is removed in the tevent_queue_entry_destructor() the
trigger called is that of the
new head of the list, q->list,
*not* the next pointer of the
deleted event e->next.

So it *IS* going to wait for all of
them to be done without an implicit
ordering.

Sorry for the noise :-). Does
make my point about how opaque
the internals of lib/tevent/tevent_queue.c
are though !

Cheers,

	Jeremy.
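
An added illustration, not part of the original message and not code from lib/tevent: a simplified C model of the behaviour described in the message above, where removing an entry triggers the new head of the list rather than the removed entry's next pointer. The struct and function names, and the trailing "wait" entry used to observe the effect, are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model of the behaviour described above. NOT lib/tevent code;
 * all type and function names here are hypothetical. */
struct entry { struct entry *prev, *next; bool triggered; };
struct queue { struct entry *list; /* head of the list */ };

/* Only the entry at the head of the queue is ever triggered. */
static void trigger_head(struct queue *q)
{
    if (q->list != NULL && !q->list->triggered)
        q->list->triggered = true;
}

/* Append e at the tail, then (re)check the head. */
static void queue_add(struct queue *q, struct entry *e)
{
    struct entry *tail = q->list;
    e->prev = e->next = NULL;
    e->triggered = false;
    if (tail == NULL) {
        q->list = e;
    } else {
        while (tail->next != NULL) tail = tail->next;
        tail->next = e;
        e->prev = tail;
    }
    trigger_head(q);
}

/* Models the destructor: unlink e, then trigger the NEW HEAD, not e->next. */
static void queue_remove(struct queue *q, struct entry *e)
{
    if (e->prev != NULL) e->prev->next = e->next; else q->list = e->next;
    if (e->next != NULL) e->next->prev = e->prev;
    trigger_head(q);
}

/* Queue n (<= 8) request entries plus one trailing "wait" entry, remove the
 * requests in the given order, and return how many removals had happened
 * when the wait entry was triggered (-1 if it never was). */
int removals_until_wait_fires(const int *order, int n)
{
    struct queue q = { NULL };
    struct entry req[8], wait;
    for (int i = 0; i < n; i++) queue_add(&q, &req[i]);
    queue_add(&q, &wait);
    if (wait.triggered) return 0;
    for (int i = 0; i < n; i++) {
        queue_remove(&q, &req[order[i]]);
        if (wait.triggered) return i + 1;
    }
    return -1;
}
```

In this model the wait entry fires only after the last request entry is removed, whatever the removal order; triggering `e->next` instead would fire it as soon as the entry directly in front of it was removed.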

