diff options
| author | Stefan Metzmacher <metze@samba.org> | 2013-09-20 01:11:40 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2014-01-07 08:37:41 +0100 |
| commit | eb8869a43d65767c3f67ed8c1918c8d9db2e294e (patch) | |
| tree | c7bf494eb4a6e8d77be487921da7db650d142344 /source3/libsmb | |
| parent | 46d29d46bc065d51e3f7ca6892ccd04cf6ce9bef (diff) | |
| download | samba-eb8869a43d65767c3f67ed8c1918c8d9db2e294e.tar.gz samba-eb8869a43d65767c3f67ed8c1918c8d9db2e294e.tar.xz samba-eb8869a43d65767c3f67ed8c1918c8d9db2e294e.zip | |
s3:libsmb: add tstream_cli_np_ref as protection to talloc_free(smbXcli_conn)
This makes sure that we don't have dangling pointers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/cli_np_tstream.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/source3/libsmb/cli_np_tstream.c b/source3/libsmb/cli_np_tstream.c index 4aa826c752..8bc81791c5 100644 --- a/source3/libsmb/cli_np_tstream.c +++ b/source3/libsmb/cli_np_tstream.c @@ -49,7 +49,10 @@ static const struct tstream_context_ops tstream_cli_np_ops; */ #define TSTREAM_CLI_NP_MAX_BUF_SIZE 4280 +struct tstream_cli_np_ref; + struct tstream_cli_np { + struct tstream_cli_np_ref *ref; struct smbXcli_conn *conn; struct smbXcli_session *session; struct smbXcli_tcon *tcon; @@ -76,10 +79,19 @@ struct tstream_cli_np { } read, write; }; +struct tstream_cli_np_ref { + struct tstream_cli_np *cli_nps; +}; + static int tstream_cli_np_destructor(struct tstream_cli_np *cli_nps) { NTSTATUS status; + if (cli_nps->ref != NULL) { + cli_nps->ref->cli_nps = NULL; + TALLOC_FREE(cli_nps->ref); + } + if (!smbXcli_conn_is_connected(cli_nps->conn)) { return 0; } @@ -124,6 +136,20 @@ static int tstream_cli_np_destructor(struct tstream_cli_np *cli_nps) return 0; } +static int tstream_cli_np_ref_destructor(struct tstream_cli_np_ref *ref) +{ + if (ref->cli_nps == NULL) { + return 0; + } + + ref->cli_nps->conn = NULL; + ref->cli_nps->session = NULL; + ref->cli_nps->tcon = NULL; + ref->cli_nps->ref = NULL; + + return 0; +}; + struct tstream_cli_np_open_state { struct smbXcli_conn *conn; struct smbXcli_session *session; @@ -274,6 +300,13 @@ NTSTATUS _tstream_cli_np_open_recv(struct tevent_req *req, } ZERO_STRUCTP(cli_nps); + cli_nps->ref = talloc_zero(state->conn, struct tstream_cli_np_ref); + if (cli_nps->ref == NULL) { + TALLOC_FREE(cli_nps); + tevent_req_received(req); + return NT_STATUS_NO_MEMORY; + } + cli_nps->ref->cli_nps = cli_nps; cli_nps->conn = state->conn; cli_nps->session = state->session; cli_nps->tcon = state->tcon; @@ -286,6 +319,7 @@ NTSTATUS _tstream_cli_np_open_recv(struct tevent_req *req, cli_nps->fid_volatile = state->fid_volatile; talloc_set_destructor(cli_nps, tstream_cli_np_destructor); + talloc_set_destructor(cli_nps->ref, tstream_cli_np_ref_destructor); cli_nps->trans.active = false; cli_nps->trans.read_req = NULL; |