From 23067abc20e25c0aa713972d0fac6bf48fb1c482 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 9 Nov 2011 16:04:09 +0100
Subject: [PATCH] s3:smbd: don't limit the number of open dptrs for smb2 (bug
 #8592)

This fixes a crash bug that is triggered, when a client has more than
256 directory handles with searches.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Nov 10 14:08:14 CET 2011 on sn-devel-104
(cherry picked from commit 22ddbb50534aa73240a171732d4ac1fa884fa412)
(cherry picked from commit b3f98fc0366cd27c9e043591c70e283423fcd77e)
---
 source3/smbd/dir.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 3430aaba941..9108a80c6ca 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -260,6 +260,10 @@ static void dptr_close_internal(struct dptr_struct *dptr)
 		goto done;
 	}
 
+	if (sconn->using_smb2) {
+		goto done;
+	}
+
 	DLIST_REMOVE(sconn->searches.dirptrs, dptr);
 
 	/*
@@ -495,6 +499,10 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
 
 	dptr->attr = attr;
 
+	if (sconn->using_smb2) {
+		goto done;
+	}
+
 	if(old_handle) {
 
 		/*
@@ -565,6 +573,7 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
 
 	DLIST_ADD(sconn->searches.dirptrs, dptr);
 
+done:
 	DEBUG(3,("creating new dirptr %d for path %s, expect_close = %d\n",
 		dptr->dnum,path,expect_close));  
 
@@ -1336,7 +1345,7 @@ static int smb_Dir_destructor(struct smb_Dir *dirp)
 #endif
 		SMB_VFS_CLOSEDIR(dirp->conn,dirp->dir);
 	}
-	if (dirp->conn->sconn) {
+	if (dirp->conn->sconn && !dirp->conn->sconn->using_smb2) {
 		dirp->conn->sconn->searches.dirhandles_open--;
 	}
 	return 0;
@@ -1367,7 +1376,7 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
 		goto fail;
 	}
 
-	if (sconn) {
+	if (sconn && !sconn->using_smb2) {
 		sconn->searches.dirhandles_open++;
 	}
 	talloc_set_destructor(dirp, smb_Dir_destructor);
@@ -1411,7 +1420,7 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
 		goto fail;
 	}
 
-	if (sconn) {
+	if (sconn && !sconn->using_smb2) {
 		sconn->searches.dirhandles_open++;
 	}
 	talloc_set_destructor(dirp, smb_Dir_destructor);
-- 
2.11.4.GIT