smbd: reset dangling watch_req pointer in poll_open_done
We just freed subreq and a pointer to subreq is stored in open_rec->watch_req,
so we must invalidate the pointer.
Otherwise if the poll open timer fires it will do a
TALLOC_FREE(open_rec->watch_req);
on the dangling pointer which may crash or do something worse like freeing some
other random talloc memory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
065ed088b3d5710c288e46a5bf1e063f9a29c8cc)
git.samba.org / kseeger / samba-autobuild-v4-15-test / .git / commit