diff options
author | Volker Lendecke <vl@samba.org> | 2009-07-27 14:47:41 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-08-13 14:27:27 +0200 |
commit | 83eaed1cd5185933ac9dfe976b1b20cd2ed75153 (patch) | |
tree | 8b19f0b865c1b87f4c858cb356ae49a169fe52c2 | |
parent | a6a93eb0bda5859b42ae2b4f6dd51ed438891f78 (diff) | |
download | samba-83eaed1cd5185933ac9dfe976b1b20cd2ed75153.tar.gz samba-83eaed1cd5185933ac9dfe976b1b20cd2ed75153.tar.xz samba-83eaed1cd5185933ac9dfe976b1b20cd2ed75153.zip |
Fix a valgrind error in chain_reply
construct_reply() references the request after chain_reply has freed it.
(cherry picked from commit 5135ebd6f099518f0a0b5796e8057210be824740)
Addresses bug #6611.
(cherry picked from commit 5c6aa5ce9fb0cc5d63d04b0777d296c82e61c0a5)
-rw-r--r-- | source3/include/smb.h | 2 | ||||
-rw-r--r-- | source3/smbd/process.c | 13 |
2 files changed, 12 insertions, 3 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h index 9cae327c6cd..b20a8eff06c 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -659,6 +659,8 @@ struct smb_request { * state information for async smb handling */ void *async_priv; + + bool done; }; /* Defines for the sent_oplock_break field above. */ diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 962b4926c88..e1069ebd870 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -377,6 +377,7 @@ void init_smb_request(struct smb_request *req, req->conn = conn_find(req->tid); req->chain_fsp = NULL; req->chain_outbuf = NULL; + req->done = false; smb_init_perfcount_data(&req->pcd); /* Ensure we have at least wct words and 2 bytes of bcc. */ @@ -1395,6 +1396,11 @@ static void construct_reply(char *inbuf, int size, size_t unread_bytes, req->unread_bytes = 0; } + if (req->done) { + TALLOC_FREE(req); + return; + } + if (req->outbuf == NULL) { return; } @@ -1650,8 +1656,8 @@ void chain_reply(struct smb_request *req) exit_server_cleanly("chain_reply: srv_send_smb " "failed."); } - TALLOC_FREE(req); - + TALLOC_FREE(req->chain_outbuf); + req->done = true; return; } @@ -1772,7 +1778,8 @@ void chain_reply(struct smb_request *req) &req->pcd)) { exit_server_cleanly("construct_reply: srv_send_smb failed."); } - TALLOC_FREE(req); + TALLOC_FREE(req->chain_outbuf); + req->done = true; } /**************************************************************************** |