1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3-smbd: Fix use after issue in smbd_smb2_request_dispatch()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11581

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 30 19:49:47 CET 2015 on sn-devel-104
This commit is contained in:
Andreas Schneider 2015-10-30 09:01:28 +01:00 committed by Andreas Schneider
parent d8f3b490bb
commit db9e10d071

View File

@ -1705,13 +1705,6 @@ static NTSTATUS smbd_smb2_request_process_cancel(struct smbd_smb2_request *req)
search_message_id = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
search_async_id = BVAL(inhdr, SMB2_HDR_PID);
/*
* we don't need the request anymore
* cancel requests never have a response
*/
DLIST_REMOVE(xconn->smb2.requests, req);
TALLOC_FREE(req);
for (cur = xconn->smb2.requests; cur; cur = cur->next) {
const uint8_t *outhdr;
uint64_t message_id;
@ -2368,6 +2361,14 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
req->profile, _INBYTES(req));
return_value = smbd_smb2_request_process_cancel(req);
SMBPROFILE_IOBYTES_ASYNC_END(req->profile, 0);
/*
* We don't need the request anymore cancel requests never
* have a response.
*/
DLIST_REMOVE(xconn->smb2.requests, req);
TALLOC_FREE(req);
break;
case SMB2_OP_KEEPALIVE: