sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Code

r2618: before we had refererence counts in talloc I added a hack in the

Browse Source 
server side request structure to prevent a structing being freed in
some circumstances. This change replaces this with the much more
robust mechanism of talloc_increase_ref_count().
(This used to be commit 3f7741f178)
This commit is contained in:
Andrew Tridgell 2004-09-25 08:16:16 +00:00 committed by Gerald (Jerry) Carter
parent 20fb9ab6cd
commit 045543b661
5 changed files with 8 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
source4/include/smb.h
View File

@ -607,7 +607,6 @@ typedef struct nt_user_token {
/* a set of flags to control handling of request structures */
#define REQ_CONTROL_PROTECTED (1<<0) /* don't destroy this request */
#define REQ_CONTROL_LARGE (1<<1) /* allow replies larger than max_xmit */
#define REQ_CONTROL_ASYNC (1<<2) /* the backend will answer this one later */

8
source4/smb_server/nttrans.c
View File

@ -198,8 +198,6 @@ void reply_nttrans(struct smbsrv_request *req)
params = trans.out.params.data;
data = trans.out.data.data;
req->control_flags |= REQ_CONTROL_PROTECTED;
/* we need to divide up the reply into chunks that fit into
the negotiated buffer size */
do {
@ -254,9 +252,9 @@ void reply_nttrans(struct smbsrv_request *req)
params += this_param;
data += this_data;
/* if this is the last chunk then the request can be destroyed */
if (params_left == 0 && data_left == 0) {
req->control_flags &= ~REQ_CONTROL_PROTECTED;
/* don't destroy unless this is the last segment */
if (params_left != 0 || data_left != 0) {
talloc_increase_ref_count(req);
}
req_send_reply(req);

8
source4/smb_server/reply.c
View File

@ -1332,13 +1332,9 @@ void reply_echo(struct smbsrv_request *req)
memcpy(req->out.data, req->in.data, req->in.data_size);
/* we need to make sure the request isn't destroyed till the
* last packet */
req->control_flags |= REQ_CONTROL_PROTECTED;
for (i=1; i <= count;i++) {
if (i == count) {
req->control_flags &= ~REQ_CONTROL_PROTECTED;
if (i != count) {
talloc_increase_ref_count(req);
}
SSVAL(req->out.vwv, VWV(0), i);

6
source4/smb_server/request.c
View File

@ -30,12 +30,6 @@
/* destroy a request structure */
void req_destroy(struct smbsrv_request *req)
{
/* the request might be marked protected. This is done by the
* SMBecho code for example */
if (req->control_flags & REQ_CONTROL_PROTECTED) {
return;
}
/* ahh, its so nice to destroy a complex structure in such a
* simple way! */
talloc_free(req);

8
source4/smb_server/trans2.c
View File

@ -1323,8 +1323,6 @@ void reply_trans_generic(struct smbsrv_request *req, uint8_t command)
params = trans.out.params.data;
data = trans.out.data.data;
req->control_flags |= REQ_CONTROL_PROTECTED;
/* we need to divide up the reply into chunks that fit into
the negotiated buffer size */
do {
@ -1384,9 +1382,9 @@ void reply_trans_generic(struct smbsrv_request *req, uint8_t command)
params += this_param;
data += this_data;
/* if this is the last chunk then the request can be destroyed */
if (params_left == 0 && data_left == 0) {
req->control_flags &= ~REQ_CONTROL_PROTECTED;
/* don't destroy unless this is the last chunk */
if (params_left != 0 || data_left != 0) {
talloc_increase_ref_count(req);
}
req_send_reply(req);