[PATCH] Fix valgrind read-after-free error in cli_smb2_close_fnum_recv().

Jeremy Allison jra at samba.org
Fri Dec 1 00:47:02 UTC 2017


On Thu, Nov 30, 2017 at 08:13:08AM +0100, Volker Lendecke wrote:
> On Wed, Nov 29, 2017 at 10:13:00AM -0800, Jeremy Allison via samba-technical wrote:
> > Yeah, I actually coded that up first and rejected it :-), because
> > it still leaves the tevent_req_simple_recv_ntstatus(req)
> > inside, which (silently) frees the data inside req.
> 
> Probably this is because I did not comment that sufficiently: Those
> simple_recv_ functions are really meant as a short-cut if there is
> nothing but this single call in the _recv function. If you have to do
> anything but this call, do it manually. That was at least my intention
> when I wrote this function. Sorry if this is not clear enough.

Yes, it's clear now (at least to me). I think maybe a later
patch that adds a comment to these calls that explains the
correct idiom might help prevent future misuse.
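
The idiom discussed in this thread, as an added example that is not part of the original message or of Samba's code. It is a simplified C model: `struct model_req`, `struct close_state` and the `model_*` functions are hypothetical stand-ins, not the tevent API. The shortcut frees the request state, so a `_recv` that needs the state reads it first and releases it last.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model of a request; not the real struct tevent_req. */
struct model_req {
	void *data;   /* private state, owned by the request */
	int status;   /* 0 = success, anything else = error */
};

struct close_state { uint16_t fnum; };   /* hypothetical per-request state */

/* Stand-in for the "received" step: the request frees its state. */
static void model_req_received(struct model_req *req)
{
	free(req->data);
	req->data = NULL;
}

/* Stand-in for the simple_recv shortcut: return status AND free the state. */
static int model_simple_recv(struct model_req *req)
{
	int status = req->status;
	model_req_received(req);
	return status;
}

/* Manual idiom for a _recv that does more than return a status: read from
 * the state first, release it last. Calling model_simple_recv() first and
 * reading state->fnum afterwards would be a read-after-free. */
static int model_close_recv(struct model_req *req, uint16_t *closed_fnum)
{
	struct close_state *state = req->data;
	int status = req->status;
	if (status == 0) {
		*closed_fnum = state->fnum;   /* copy out while state is alive */
	}
	model_req_received(req);          /* state is invalid from here on */
	return status;
}

/* Constructed sample request, standing in for a completed _send. */
static struct model_req model_completed_req(uint16_t fnum, int status)
{
	struct close_state *state = malloc(sizeof(*state));
	if (state == NULL) abort();
	state->fnum = fnum;
	return (struct model_req){ .data = state, .status = status };
}
```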


