The branch, v3-4-test has been updated
       via  5c6aa5ce9fb0cc5d63d04b0777d296c82e61c0a5 (commit)
      from  e7e1a6b3237550ef90db6a52a023885f616f722b (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -----------------------------------------------------------------
commit 5c6aa5ce9fb0cc5d63d04b0777d296c82e61c0a5
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Jul 27 14:47:41 2009 +0200

    Fix a valgrind error in chain_reply
    
    construct_reply() references the request after chain_reply has freed it.
    (cherry picked from commit 5135ebd6f099518f0a0b5796e8057210be824740)
    
    Addresses bug #6611.

-----------------------------------------------------------------------

Summary of changes:
 source3/include/smb.h  |    2 ++
 source3/smbd/process.c |   13 ++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 9cae327..b20a8ef 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -659,6 +659,8 @@ struct smb_request {
         * state information for async smb handling
         */
        void *async_priv;
+
+       bool done;
 };
 
 /* Defines for the sent_oplock_break field above. */
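Review bot: The new `done` member is added without a comment, although the neighbouring `async_priv` has one, so a reader of struct smb_request cannot tell who sets the flag or what it implies for ownership of the request. Going by the process.c hunks, I would put something like `/* Set by chain_reply() after it has sent the reply; the caller then frees req. */` above it. The struct definition begins outside this hunk.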
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 962b492..e1069eb 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -377,6 +377,7 @@ void init_smb_request(struct smb_request *req,
        req->conn = conn_find(req->tid);
        req->chain_fsp = NULL;
        req->chain_outbuf = NULL;
+       req->done = false;
        smb_init_perfcount_data(&req->pcd);
 
        /* Ensure we have at least wct words and 2 bytes of bcc. */
@@ -1395,6 +1396,11 @@ static void construct_reply(char *inbuf, int size, 
size_t unread_bytes,
                req->unread_bytes = 0;
        }
 
+       if (req->done) {
+               TALLOC_FREE(req);
+               return;
+       }
+
        if (req->outbuf == NULL) {
                return;
        }
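Review bot: The added `if (req->done)` check makes construct_reply() responsible for freeing a request that chain_reply() has finished, but nothing in the hunk records that the ownership rule has moved from callee to caller. Any other path that reaches chain_reply() without returning through this function (deferred or async completions, if such callers exist; none are visible here) would now keep req allocated until its talloc parent is released, where it was previously freed on the spot. A short comment above the check, for example `/* chain_reply() sent the reply itself and left req for us to free */`, would record the contract. Those other callers are worth auditing for the same `req->done` test. The body of construct_reply() starts and ends outside the hunk.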
@@ -1650,8 +1656,8 @@ void chain_reply(struct smb_request *req)
                        exit_server_cleanly("chain_reply: srv_send_smb "
                                            "failed.");
                }
-               TALLOC_FREE(req);
-
+               TALLOC_FREE(req->chain_outbuf);
+               req->done = true;
                return;
        }
 
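Review bot: Both completion paths in chain_reply(), this one and the one at the end of the function in the next hunk, now leave req alive on return, and nothing at either site says why. That is the opposite of what the removed `TALLOC_FREE(req)` did. A one-line comment before `req->done = true;`, such as `/* our caller still dereferences req; flag it and let the caller free it */`, would keep a later cleanup from restoring the free and reintroducing the use-after-free. The function's header comment, which is outside this hunk, should also state that req remains valid after return and is freed by the caller.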
@@ -1772,7 +1778,8 @@ void chain_reply(struct smb_request *req)
                          &req->pcd)) {
                exit_server_cleanly("construct_reply: srv_send_smb failed.");
        }
-       TALLOC_FREE(req);
+       TALLOC_FREE(req->chain_outbuf);
+       req->done = true;
 }
 
 /****************************************************************************


-- 
Samba Shared Repository
