From d4a5c832f1806a9c664d52a34ea1a24eb370fa89 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 23 Sep 2013 14:10:27 -0700 Subject: [PATCH] smbd: Invalidate the session correctly. When a session is invalidated then we must also ensure it isn't used in any pending requests being processed. Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider --- source3/smbd/smb2_sesssetup.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index dd243c91d15..cb8f847866a 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -457,6 +457,8 @@ static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state **pp_stat static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state *state) { + struct smbd_smb2_request *preq; + /* * If state->session is not NULL, * we move the session from the session table to the request on failure @@ -471,6 +473,27 @@ static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_set state->session->status = NT_STATUS_USER_SESSION_DELETED; state->smb2req->session = talloc_move(state->smb2req, &state->session); + /* + * We've made this session owned by the current request. + * Ensure that any outstanding requests don't also refer + * to it. + */ + + for (preq = state->smb2req->sconn->smb2.requests; preq != NULL; preq = preq->next) { + if (preq == state->smb2req) { + continue; + } + if (preq->session == state->smb2req->session) { + preq->session = NULL; + /* + * If we no longer have a session we can't + * sign or encrypt replies. + */ + preq->do_signing = false; + preq->do_encryption = false; + } + } + return 0; }