The branch, master has been updated
       via  c7a3b8a s4:smb_server/smb2: add missing 'return;' statements in 
smb2srv_chain_reply()
       via  d72641e s4:smb_server/smb2: after smbsrv_terminate_connection() we 
have to return
       via  e01d6f4 s4:smb_server/smb2: fix memory leak in smb2srv_chain_reply()
       via  dca4e6e s4:smb_server/smb2: use helper variable 
smb2srv_chain_reply()
       via  6865241 s4:smb_server/smb: remove a request from the list before 
adding the next one in a chain.
      from  831a97c s3: Notifies should never time out

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c7a3b8ae21523f6af2c3e3fea1a0d3fcf9706d4c
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Mar 26 13:50:44 2012 +0200

    s4:smb_server/smb2: add missing 'return;' statements in 
smb2srv_chain_reply()
    
    metze
    
    Autobuild-User: Stefan Metzmacher <[email protected]>
    Autobuild-Date: Mon Apr  2 23:02:53 CEST 2012 on sn-devel-104

commit d72641ef769da6cba8fd8422586121c79ad3af42
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Mar 26 13:49:36 2012 +0200

    s4:smb_server/smb2: after smbsrv_terminate_connection() we have to return
    
    req is a talloc child of the connection...
    
    metze

commit e01d6f4af02160199a014b9ea3e05a56c47f9f1f
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Mar 26 13:48:51 2012 +0200

    s4:smb_server/smb2: fix memory leak in smb2srv_chain_reply()
    
    metze

commit dca4e6eb6e199e35b50a36ea3861a5d3429f6804
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Mar 26 13:47:39 2012 +0200

    s4:smb_server/smb2: use helper variable smb2srv_chain_reply()
    
    metze

commit 6865241fdde71c5f7bbe85b3b88cb57ca14578b2
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Mar 19 23:52:25 2012 +0100

    s4:smb_server/smb: remove a request from the list before adding the next 
one in a chain.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source4/smb_server/smb/receive.c  |    1 +
 source4/smb_server/smb2/receive.c |   19 ++++++++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/smb_server/smb/receive.c b/source4/smb_server/smb/receive.c
index 8e3bab8..b100757 100644
--- a/source4/smb_server/smb/receive.c
+++ b/source4/smb_server/smb/receive.c
@@ -633,6 +633,7 @@ void smbsrv_chain_reply(struct smbsrv_request *req)
        SSVAL(req->out.vwv, VWV(1), req->out.size - NBT_HDR_SIZE);
 
        /* cleanup somestuff for the next request */
+       DLIST_REMOVE(req->smb_conn->requests, req);
        talloc_free(req->ntvfs);
        req->ntvfs = NULL;
        talloc_free(req->io_ptr);
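Review bot: The existing comment `/* cleanup somestuff for the next request */` does not explain why the new `DLIST_REMOVE(req->smb_conn->requests, req);` has to happen at this point. Judging by the commit subject, the next request in the chain is added to the same list later in smbsrv_chain_reply(). That code is outside this hunk, so the ordering requirement is inferred rather than visible. A short comment such as `/* unlink req before the next chained request is added to smb_conn->requests */` would stop the line being moved or dropped in a later cleanup.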
diff --git a/source4/smb_server/smb2/receive.c 
b/source4/smb_server/smb2/receive.c
index 141fdd8..3b54c97 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -155,6 +155,7 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req);
 static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 {
        NTSTATUS status;
+       struct smbsrv_connection *smb_conn = p_req->smb_conn;
        struct smb2srv_request *req;
        uint32_t chain_offset;
        uint32_t protocol_version;
@@ -163,6 +164,8 @@ static void smb2srv_chain_reply(struct smb2srv_request 
*p_req)
        uint32_t flags;
        uint32_t last_hdr_offset;
 
+       talloc_steal(req, p_req);
+
        last_hdr_offset = p_req->in.hdr - p_req->in.buffer;
 
        chain_offset = p_req->chain_offset;
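Review bot: The added `talloc_steal(req, p_req);` at the top of smb2srv_chain_reply() appears to run while `req` is still uninitialized. In the visible hunks `req` is declared without an initializer and first assigned by `req = smb2srv_init_request(smb_conn);` further down, although two lines between this hunk and the previous one are not shown. Passing an indeterminate pointer as the new talloc parent is undefined behaviour, and it happens while handling client-supplied chained SMB2 packets, so it can corrupt the talloc hierarchy instead of fixing the leak. The call should move to just after the `if (!req) { ... return; }` check, i.e. `talloc_steal(req, p_req);` once the allocation has succeeded. The function body continues outside this hunk.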
@@ -171,7 +174,7 @@ static void smb2srv_chain_reply(struct smb2srv_request 
*p_req)
        if (p_req->in.size < (last_hdr_offset + chain_offset + 
SMB2_MIN_SIZE_NO_BODY)) {
                DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X from last 
hdr 0x%X\n",
                        chain_offset, last_hdr_offset));
-               smbsrv_terminate_connection(p_req->smb_conn, "Invalid SMB2 
chained packet");
+               smbsrv_terminate_connection(smb_conn, "Invalid SMB2 chained 
packet");
                return;
        }
 
@@ -179,13 +182,13 @@ static void smb2srv_chain_reply(struct smb2srv_request 
*p_req)
        if (protocol_version != SMB2_MAGIC) {
                DEBUG(2,("Invalid SMB chained packet: protocol prefix: 
0x%08X\n",
                         protocol_version));
-               smbsrv_terminate_connection(p_req->smb_conn, "NON-SMB2 chained 
packet");
+               smbsrv_terminate_connection(smb_conn, "NON-SMB2 chained 
packet");
                return;
        }
 
-       req = smb2srv_init_request(p_req->smb_conn);
+       req = smb2srv_init_request(smb_conn);
        if (!req) {
-               smbsrv_terminate_connection(p_req->smb_conn, "SMB2 chained 
packet - no memory");
+               smbsrv_terminate_connection(smb_conn, "SMB2 chained packet - no 
memory");
                return;
        }
 
@@ -206,9 +209,11 @@ static void smb2srv_chain_reply(struct smb2srv_request 
*p_req)
                   other packet types */
                uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE);
                if (opcode == SMB2_OP_NEGPROT) {
-                       smbsrv_terminate_connection(req->smb_conn, "Bad body 
size in SMB2 negprot");                    
+                       smbsrv_terminate_connection(smb_conn, "Bad body size in 
SMB2 negprot");
+                       return;
                } else {
                        smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER);
+                       return;
                }
        }
 
@@ -248,8 +253,7 @@ static void smb2srv_chain_reply(struct smb2srv_request 
*p_req)
 
        status = smb2srv_reply(req);
        if (!NT_STATUS_IS_OK(status)) {
-               smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
-               talloc_free(req);
+               smbsrv_terminate_connection(smb_conn, nt_errstr(status));
                return;
        }
 }
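Review bot: Nothing in the code records why `talloc_free(req);` must not follow `smbsrv_terminate_connection()` here, so the removed free is easy to reintroduce. The only explanation is in the commit log ("req is a talloc child of the connection"), which implies the teardown may already have released it. A comment above the `return;`, for example `/* req is a talloc child of smb_conn: do not touch or free it after terminating the connection */`, would keep that in the source. The same comment fits the `return;` added after the NEGPROT terminate earlier in this function and the one added in smb2srv_send_reply() in the next hunk.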
@@ -284,6 +288,7 @@ void smb2srv_send_reply(struct smb2srv_request *req)
        status = packet_send(req->smb_conn->packet, blob);
        if (!NT_STATUS_IS_OK(status)) {
                smbsrv_terminate_connection(req->smb_conn, nt_errstr(status));
+               return;
        }
        if (req->chain_offset) {
                smb2srv_chain_reply(req);


-- 
Samba Shared Repository
