The branch, master has been updated
via bdb80ae s3:smbd:smb2: fix segfault (access after free) in durable
disconnect code
from 2cf83f7 samba_upgradeprovision: Use tdb_util.tdb_copy not
shutil.copy2
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bdb80aeb11d5458e281483a5cdc57f5481979cc9
Author: Michael Adam <[email protected]>
Date: Mon Feb 18 23:21:24 2013 +0100
s3:smbd:smb2: fix segfault (access after free) in durable disconnect code
Pair-Programmed-With: Stefan Metzmacher <[email protected]>
Signed-off-by: Michael Adam <[email protected]>
Signed-off-by: Stefan Metzmacher <[email protected]>
Autobuild-User(master): Michael Adam <[email protected]>
Autobuild-Date(master): Tue Feb 19 11:12:01 CET 2013 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/close.c | 1 +
source3/smbd/smbXsrv_open.c | 1 +
2 files changed, 2 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index df3ae23..d0c843e 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -782,6 +782,7 @@ static NTSTATUS close_normal_file(struct smb_request *req,
files_struct *fsp,
data_blob_free(&fsp->op->global->backend_cookie);
fsp->op->global->backend_cookie = new_cookie;
+ fsp->op->compat = NULL;
tmp = smbXsrv_open_close(fsp->op, now);
if (!NT_STATUS_IS_OK(tmp)) {
DEBUG(1, ("Failed to update smbXsrv_open "
diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open.c
index c1754e8..be39cbc 100644
--- a/source3/smbd/smbXsrv_open.c
+++ b/source3/smbd/smbXsrv_open.c
@@ -1078,6 +1078,7 @@ NTSTATUS smbXsrv_open_close(struct smbXsrv_open *op,
NTTIME now)
op->db_rec = NULL;
if (op->compat) {
+ op->compat->op = NULL;
file_free(NULL, op->compat);
op->compat = NULL;
}
--
Samba Shared Repository
