sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-28 01:58:17 +03:00
Code

Fix a valgrind error found by SMB2-COMPOUND test.

Browse Source 
If a file is closed we must also NULL out all chained_fsp
pointers when the fsp is freed to prevent invalid pointer
access.

Jeremy.
This commit is contained in:
Jeremy Allison 2010-06-08 21:20:07 -07:00
parent 0c5d0e1c37
commit 34a8324409
3 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source3/smbd/files.c
View File

@ -503,6 +503,14 @@ void file_free(struct smb_request *req, files_struct *fsp)
req->chain_fsp = NULL;
}
/*
* Clear all possible chained fsp
* pointers in the SMB2 request queue.
*/
if (req != NULL && req->smb2req) {
remove_smb2_chained_fsp(fsp);
}
/* Closing a file can invalidate the positive cache. */
if (fsp == fsp_fi_cache.fsp) {
ZERO_STRUCT(fsp_fi_cache);

3
source3/smbd/globals.h
View File

@ -277,6 +277,7 @@ NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req);
NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req);
struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req);
void remove_smb2_chained_fsp(files_struct *fsp);
NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req);
NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *req);
@ -353,6 +354,8 @@ struct smbd_smb2_request {
bool async;
bool cancelled;
/* fake smb1 request. */
struct smb_request *smb1req;
struct files_struct *compat_chain_fsp;
NTSTATUS next_status;

20
source3/smbd/smb2_glue.c
View File

@ -49,6 +49,26 @@ struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req)
smbreq->mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
smbreq->chain_fsp = req->compat_chain_fsp;
smbreq->smb2req = req;
req->smb1req = smbreq;
return smbreq;
}
/*********************************************************
Called from file_free() to remove any chained fsp pointers.
*********************************************************/
void remove_smb2_chained_fsp(files_struct *fsp)
{
struct smbd_server_connection *sconn = smbd_server_conn;
struct smbd_smb2_request *smb2req;
for (smb2req = sconn->smb2.requests; smb2req; smb2req = smb2req->next) {
if (smb2req->compat_chain_fsp == fsp) {
smb2req->compat_chain_fsp = NULL;
}
if (smb2req->smb1req && smb2req->smb1req->chain_fsp == fsp) {
smb2req->smb1req->chain_fsp = NULL;
}
}
}