[PATCH] fix smbclient segfault

Andreas Schneider asn at samba.org
Mon Sep 22 02:15:10 MDT 2014


On Monday 22 September 2014 09:59:34 Michael Adam wrote:
> Hi,

Hey,
 
> shouldn't subreq be freed before leaving the function,
> i.e. further down?

to be honest, I'm not sure. A bit further down smbXcli_req_set_pending(subreq) 
is called and I guess it needs to live longer cause of that call.



	-- andreas

 
> Cheers - Michael
> 
> On 2014-09-22 at 08:20 +0200, Andreas Schneider wrote:
> > Hello,
> > 
> > attached find a patch to fix a segfault in smbclient.
> > 
> > 	-- andreas
> > 	
> > >From f9a5b1113341745557da56e61b1e79d8a8d4c500 Mon Sep 17 00:00:00 2001
> > 
> > From: Andreas Schneider <asn at samba.org>
> > Date: Wed, 17 Sep 2014 15:17:50 +0200
> > Subject: [PATCH] libcli: Fix a segfault calling smbXcli_req_set_pending()
> > on> 
> >  NULL.
> > 
> > BUG: https://bugzilla.samba.org/show_bug.cgi?id=10817
> > 
> > Signed-off-by: Andreas Schneider <asn at samba.org>
> > ---
> > 
> >  libcli/smb/smb1cli_echo.c | 1 -
> >  1 file changed, 1 deletion(-)
> > 
> > diff --git a/libcli/smb/smb1cli_echo.c b/libcli/smb/smb1cli_echo.c
> > index 4fb7c60..10dff2d 100644
> > --- a/libcli/smb/smb1cli_echo.c
> > +++ b/libcli/smb/smb1cli_echo.c
> > @@ -96,7 +96,6 @@ static void smb1cli_echo_done(struct tevent_req *subreq)
> > 
> >  				  NULL, /* pbytes_offset */
> >  				  NULL, /* pinbuf */
> >  				  expected, ARRAY_SIZE(expected));
> > 
> > -	TALLOC_FREE(subreq);
> > 
> >  	if (!NT_STATUS_IS_OK(status)) {
> >  	
> >  		tevent_req_nterror(req, status);
> >  		return;

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org



More information about the samba-technical mailing list