Additional patch for bug 11581
Stefan Metzmacher
metze at samba.org
Mon Nov 2 13:22:06 UTC 2015
Hi,
here's an additional fix for
https://bugzilla.samba.org/show_bug.cgi?id=11581
I guess there's no real problem because the cancel
request is added with DLIST_ADD_END() at the end
and we would find the real request first in the list.
And if we really find the cancel request itself
cur->subreq is still NULL and there's no real problem.
However we should avoid potential confusion and
remove the cancel request before looping over
all requests.
Please review and push:-)
metze
-------------- next part --------------
From e71c04765cfeb7a4ae8f8cc6dc0f14b2b3eec0eb Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 2 Nov 2015 13:40:24 +0100
Subject: [PATCH] s3:smb2_server: make the logic of SMB2_CANCEL DLIST_REMOVE()
clearer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11581
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/smbd/smb2_server.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index ddaba38..f27e797 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1703,6 +1703,14 @@ static NTSTATUS smbd_smb2_request_process_cancel(struct smbd_smb2_request *req)
search_message_id = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
search_async_id = BVAL(inhdr, SMB2_HDR_PID);
+ /*
+ * We don't need the request anymore cancel requests never
+ * have a response.
+ *
+ * We defer the TALLOC_FREE(req) to the caller.
+ */
+ DLIST_REMOVE(xconn->smb2.requests, req);
+
for (cur = xconn->smb2.requests; cur; cur = cur->next) {
const uint8_t *outhdr;
uint64_t message_id;
@@ -2347,8 +2355,10 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
/*
* We don't need the request anymore cancel requests never
* have a response.
+ *
+ * smbd_smb2_request_process_cancel() already called
+ * DLIST_REMOVE(xconn->smb2.requests, req);
*/
- DLIST_REMOVE(xconn->smb2.requests, req);
TALLOC_FREE(req);
break;
--
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151102/db66303f/signature.sig>
More information about the samba-technical
mailing list