git.samba.org / obnox / samba / samba-obnox.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2cf83f7)
s3:smbd:smb2: fix segfault (access after free) in durable disconnect code
authorMichael Adam <obnox@samba.org>
Mon, 18 Feb 2013 22:21:24 +0000 (23:21 +0100)
committerMichael Adam <obnox@samba.org>
Tue, 19 Feb 2013 10:12:01 +0000 (11:12 +0100)
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Feb 19 11:12:01 CET 2013 on sn-devel-104

source3/smbd/close.c patch | blob | history
source3/smbd/smbXsrv_open.c patch | blob | history

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index df3ae23a92ae526afe3cb1167e42e037b62464fd..d0c843ea9cc9c981d8c013be386f162daca4cc4e 100644 (file)
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -782,6 +782,7 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
                        data_blob_free(&fsp->op->global->backend_cookie);
                        fsp->op->global->backend_cookie = new_cookie;
 
+                       fsp->op->compat = NULL;
                        tmp = smbXsrv_open_close(fsp->op, now);
                        if (!NT_STATUS_IS_OK(tmp)) {
                                DEBUG(1, ("Failed to update smbXsrv_open "
diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open.c
index c1754e86b2ef777c9338982940aca2a2f6f94038..be39cbc3972c25146a9cdd09569fdbb4c4e9f48b 100644 (file)
--- a/source3/smbd/smbXsrv_open.c
+++ b/source3/smbd/smbXsrv_open.c
@@ -1078,6 +1078,7 @@ NTSTATUS smbXsrv_open_close(struct smbXsrv_open *op, NTTIME now)
        op->db_rec = NULL;
 
        if (op->compat) {
+               op->compat->op = NULL;
                file_free(NULL, op->compat);
                op->compat = NULL;
        }
Michael's Samba GIT