s3:smb2_server: correctly maintain request counters for compound requests

If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().

As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index ee03a8eb0bb44afea0d5f4cc93a662b34e8f4a62..177e5ffc2f2fba98354ea40b997261184c22ba89 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2180,7 +2180,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts(
        bool update_open = false;
        NTSTATUS status = NT_STATUS_OK;
 
-       req->request_counters_updated = false;
+       SMB_ASSERT(!req->request_counters_updated);
 
        if (xconn->protocol < PROTOCOL_SMB2_22) {
                return NT_STATUS_OK;
@@ -2315,6 +2315,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 
        DO_PROFILE_INC(request);
 
+       SMB_ASSERT(!req->request_counters_updated);
+
        /* TODO: verify more things */
 
        flags = IVAL(inhdr, SMB2_HDR_FLAGS);
@@ -2755,6 +2757,8 @@ static void smbd_smb2_request_reply_update_counts(struct smbd_smb2_request *req)
                return;
        }
 
+       req->request_counters_updated = false;
+
        if (xconn->protocol < PROTOCOL_SMB2_22) {
                return;
        }