Fix segfault caused by talloc_free() being called while still processing

The problem here was that with the packet code set to serialise, we
can have multiple packets 'processing' at once, and previously the
second packet (allowed because we are spining on an event context down
the stack) would clear the flag.

Andrew Bartlett

diff --git a/source/smbd/service_stream.c b/source/smbd/service_stream.c
index e27d87ec750c709852365e5b1480ac2d9d1ac89b..f27560f6ee43e6021de4a073976959e419b6a8ff 100644 (file)
--- a/source/smbd/service_stream.c
+++ b/source/smbd/service_stream.c
@@ -85,13 +85,13 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char
 */
 static void stream_io_handler(struct stream_connection *conn, uint16_t flags)
 {
-       conn->processing = true;
+       conn->processing++;
        if (flags & EVENT_FD_WRITE) {
                conn->ops->send_handler(conn, flags);
        } else if (flags & EVENT_FD_READ) {
                conn->ops->recv_handler(conn, flags);
        }
-       conn->processing = false;
+       conn->processing--;
 
        if (conn->terminate) {
                stream_terminate_connection(conn, conn->terminate);