s3: Attempt to fix bug 7518

If select returns -1, we can't rely on the fd sets. The current code might loop
endlessly because when putting an invalid fd (the closed socket?) on the read
set, a select implementation might choose not to touch it but directly return
with EINVAL. Thus run_events will see the socket readable, which leads to a
"return true", and thus a NT_STATUS_RETRY -> same game again.

We should never get into this situation, but to me the logfiles given in bug
7518 do not reveal enough information to understand how this can happen.

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 66be77efce6651a288860c63bac12520e34e3216..4db54f39c0c961d03f9c103b7f888460ff56a387 100644 (file)
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -991,6 +991,12 @@ static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection *
                errno = sav;
        }
 
+       /* Check if error */
+       if (selrtn == -1) {
+               /* something is wrong. Maybe the socket is dead? */
+               return map_nt_error_from_unix(errno);
+       }
+
         if ((conn->smb1.echo_handler.trusted_fd != -1)
            && FD_ISSET(conn->sock, &r_fds)
            && FD_ISSET(conn->smb1.echo_handler.trusted_fd, &r_fds)) {
@@ -1006,12 +1012,6 @@ static NTSTATUS smbd_server_connection_loop_once(struct smbd_server_connection *
                return NT_STATUS_RETRY;
        }
 
-       /* Check if error */
-       if (selrtn == -1) {
-               /* something is wrong. Maybe the socket is dead? */
-               return map_nt_error_from_unix(errno);
-       }
-
        /* Did we timeout ? */
        if (selrtn == 0) {
                return NT_STATUS_RETRY;