Fix a valgrind error in chain_reply
authorVolker Lendecke <vl@samba.org>
Mon, 27 Jul 2009 12:47:41 +0000 (14:47 +0200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 5 Aug 2009 09:57:27 +0000 (11:57 +0200)
construct_reply() references the request after chain_reply has freed it.
(cherry picked from commit 5135ebd6f099518f0a0b5796e8057210be824740)

Addresses bug #6611.

source3/include/smb.h
source3/smbd/process.c

index 9cae327c6cd63a99f8c8447c1084ee962f35da12..b20a8eff06ce3c0f8ad90715b1dbc224c655d10d 100644 (file)
@@ -659,6 +659,8 @@ struct smb_request {
         * state information for async smb handling
         */
        void *async_priv;
+
+       bool done;
 };
 
 /* Defines for the sent_oplock_break field above. */
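Review bot: The new `done` member of struct smb_request has no comment, and the name alone does not say who sets it or who acts on it. Because this flag now decides where the request is freed, I would document it at the declaration, e.g. `/* Set by chain_reply() once the reply has been sent; construct_reply() then frees the request. */`. The struct definition starts outside this hunk.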
index 962b4926c889db21521a2513a7c2f8f2a3ef43e7..e1069ebd8705ea62547dbd9db12b5dc217931455 100644 (file)
@@ -377,6 +377,7 @@ void init_smb_request(struct smb_request *req,
        req->conn = conn_find(req->tid);
        req->chain_fsp = NULL;
        req->chain_outbuf = NULL;
+       req->done = false;
        smb_init_perfcount_data(&req->pcd);
 
        /* Ensure we have at least wct words and 2 bytes of bcc. */
@@ -1395,6 +1396,11 @@ static void construct_reply(char *inbuf, int size, size_t unread_bytes,
                req->unread_bytes = 0;
        }
 
+       if (req->done) {
+               TALLOC_FREE(req);
+               return;
+       }
+
        if (req->outbuf == NULL) {
                return;
        }
@@ -1650,8 +1656,8 @@ void chain_reply(struct smb_request *req)
                        exit_server_cleanly("chain_reply: srv_send_smb "
                                            "failed.");
                }
-               TALLOC_FREE(req);
-
+               TALLOC_FREE(req->chain_outbuf);
+               req->done = true;
                return;
        }
 
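Review bot: chain_reply() no longer releases req on this early-return path; it only sets `req->done = true`, and the hunk at line 1778 makes the same change at the end of the function. The only reader of the flag visible in this diff is construct_reply(), so ownership has moved to the caller without being written down. If any other code path reaches chain_reply() (none is visible here, so this needs checking), the request would stay allocated after the reply is sent, one leaked smb_request per chained request. I would state the new contract in the function's header comment, e.g. `/* Does not free req: sets req->done and leaves TALLOC_FREE(req) to the caller. */`, and audit the remaining callers. The body of chain_reply starts and ends outside this hunk.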
@@ -1772,7 +1778,8 @@ void chain_reply(struct smb_request *req)
                          &req->pcd)) {
                exit_server_cleanly("construct_reply: srv_send_smb failed.");
        }
-       TALLOC_FREE(req);
+       TALLOC_FREE(req->chain_outbuf);
+       req->done = true;
 }
 
 /****************************************************************************