mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
r18363: Found a rather nasty bug in our fragment handling.
We were adding packet fragments onto the *reply* queue, not the
recieve queue. This worked, as long as we got a whole packet before
we did any reply work, but failed once the backend called a remote
LDAP server (and I presume something invoked the event loop).
Andrew Bartlett
(This used to be commit a0162e0ace
)
This commit is contained in:
parent
79a1d08324
commit
72c5be634c
@ -133,12 +133,12 @@ static const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv
|
||||
}
|
||||
|
||||
/*
|
||||
find a call that is pending in our call list
|
||||
find the earlier parts of a fragmented call awaiting reassembily
|
||||
*/
|
||||
static struct dcesrv_call_state *dcesrv_find_call(struct dcesrv_connection *dce_conn, uint16_t call_id)
|
||||
static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint16_t call_id)
|
||||
{
|
||||
struct dcesrv_call_state *c;
|
||||
for (c=dce_conn->call_list;c;c=c->next) {
|
||||
for (c=dce_conn->incoming_fragmented_call_list;c;c=c->next) {
|
||||
if (c->pkt.call_id == call_id) {
|
||||
return c;
|
||||
}
|
||||
@ -1013,7 +1013,7 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
|
||||
|
||||
/* this is a continuation of an existing call - find the call then
|
||||
tack it on the end */
|
||||
call = dcesrv_find_call(dce_conn, call2->pkt.call_id);
|
||||
call = dcesrv_find_fragmented_call(dce_conn, call2->pkt.call_id);
|
||||
if (!call) {
|
||||
return dcesrv_fault(call2, DCERPC_FAULT_OTHER);
|
||||
}
|
||||
@ -1049,10 +1049,11 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
|
||||
}
|
||||
|
||||
/* this may not be the last pdu in the chain - if its isn't then
|
||||
just put it on the call_list and wait for the rest */
|
||||
just put it on the incoming_fragmented_call_list and wait for the rest */
|
||||
if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
|
||||
!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) {
|
||||
DLIST_ADD_END(dce_conn->call_list, call, struct dcesrv_call_state *);
|
||||
DLIST_ADD_END(dce_conn->incoming_fragmented_call_list, call,
|
||||
struct dcesrv_call_state *);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
@ -168,12 +168,15 @@ struct dcesrv_connection {
|
||||
/* a list of established context_ids */
|
||||
struct dcesrv_connection_context *contexts;
|
||||
|
||||
/* the state of the current calls */
|
||||
struct dcesrv_call_state *call_list;
|
||||
/* the state of the current incoming call fragments */
|
||||
struct dcesrv_call_state *incoming_fragmented_call_list;
|
||||
|
||||
/* the state of the async pending calls */
|
||||
struct dcesrv_call_state *pending_call_list;
|
||||
|
||||
/* the state of the current outgoing calls */
|
||||
struct dcesrv_call_state *call_list;
|
||||
|
||||
/* the maximum size the client wants to receive */
|
||||
uint32_t cli_max_recv_frag;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user