s3:smb2_server: avoid segfault in smbd_smb2_request_pending_queue()

Because we should not call smbd_smb2_request_error() on an
request that is still running.

If the subreq implementes a cancel function, this should
take care of triggering smbd_smb2_request_error.

metze

Signed-off-by: Michael Adam <obnox@samba.org>

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 77f25a9a82139c771ba2bf45d7430502d769914b..dcaefb16890f03d66d2aee144098b799f6c98c6e 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1297,9 +1297,13 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req,
                 * request chain. This is not allowed.
                 * Cancel the outstanding request.
                 */
-               tevent_req_cancel(req->subreq);
+               bool ok = tevent_req_cancel(req->subreq);
+               if (ok) {
+                       return NT_STATUS_OK;
+               }
+               TALLOC_FREE(req->subreq);
                return smbd_smb2_request_error(req,
-                       NT_STATUS_INSUFFICIENT_RESOURCES);
+                       NT_STATUS_INTERNAL_ERROR);
        }
 
        if (DEBUGLEVEL >= 10) {