[PATCH] smb2_create: move 'op' into scope (Re: [PATCHES] smb3 create replay (for multi-channel))

Michael Adam obnox at samba.org
Thu Mar 3 08:49:42 UTC 2016


On 2016-03-03 at 09:43 +0100, Michael Adam wrote:
> On 2016-03-03 at 09:33 +0100, Michael Adam wrote:
> > On 2016-03-02 at 16:45 -0800, Jeremy Allison wrote:
> > > On Wed, Mar 02, 2016 at 10:45:11PM +0100, Michael Adam wrote:
> > > > 
> > > > Attached find the updated patchset.
> > > > Differences with the original one:
> > > 
> > > Pushing this, but autobuild is failing with:
> > > 
> > > [252(789)/1892 at 20m43s] samba3.blackbox.smbclient_machine_auth.plain (nt4_member:local)
> > > ERROR: Testsuite[samba3.blackbox.smbclient_machine_auth.plain (nt4_member:local)]
> > > REASON: unable to set up environment nt4_member:local - exiting
> > > 
> > > Don't think this is to do with your new code.
> > 
> > There was a NULL dereference of 'op' in smb2_create_send
> > right at the end, because I used op instead of result->op
> > in one (new) place. Usually these are the same at this
> > place, but for IPC or PRINT shares, we ended up here without
> > op == result->op but op == NULL.
> > 
> > Attached find the 2-line patch to be squashed into the
> > 'implement create replay' test to fix the crash.
> > I am running a full make test with this now and will
> > (given the in-retrospect obviousness) push once this has
> > passed.
> 
> Attached find a patch that would have prevented such a
> pitfall by moving 'op' into the scope of its use.
> 
> Note: due to context change, it does not apply to current
> master but only on top of the create-replay patchset.
> 
> Cheers - Michael

I seem to have a problem with attachments today... ;-)
-------------- next part --------------
From c57f192334ac4224065ed1bd54ea16cb8a9bf893 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 3 Mar 2016 09:27:42 +0100
Subject: [PATCH] smbd:smb2: move op variable into scope of use in
 smb2_create_send

Signed-off-by: Michael Adam <obnox at samba.org>
---
 source3/smbd/smb2_create.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index d4e7fac..b535612 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -474,7 +474,6 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
 	struct smb2_create_blob *dhnq = NULL;
 	struct smb2_create_blob *dh2q = NULL;
 	struct smb2_create_blob *rqls = NULL;
-	struct smbXsrv_open *op = NULL;
 	bool replay_operation = false;
 
 	if(lp_fake_oplocks(SNUM(smb2req->tcon->compat))) {
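
Review bot: the commit message is only a subject and a sign-off, so nothing records why the function-scope `struct smbXsrv_open *op = NULL;` removed here had to go. Add a short body saying that the narrower scope turns any use of `op` outside the create block into a compile error instead of a possible NULL dereference, and that the patch applies only on top of the create-replay patchset with the `result->op` fix squashed in, since a leftover `op` reference near the end of the function would otherwise fail to build.
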
@@ -670,6 +669,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
 		struct smb2_lease *lease_ptr = NULL;
 		ssize_t lease_len = -1;
 		bool need_replay_cache = false;
+		struct smbXsrv_open *op = NULL;
 #if 0
 		struct smb2_create_blob *svhdx = NULL;
 #endif
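
Review bot: the re-declared `op` on the added line is still initialised to NULL, so the narrower scope only catches uses outside this block; the compiler will not flag a path inside the block that reaches a dereference before `op` is assigned. Worth confirming that every use of `op` later in this block follows an assignment or a NULL check, and saying so in the commit message.
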
-- 
2.5.0
