| commit | 988118c2358204eab5bb5907d0f5390cfece9538 | |
| author | Volker Lendecke <vl@samba.org> | |
| Tue, 7 Aug 2012 23:49:52 +0000 (7 16:49 -0700) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Fri, 21 Sep 2012 07:44:41 +0000 (21 09:44 +0200) | ||
| tree | c70711663d279402924386e9cd33f093776f6bac | treesnapshot (tar.gz zip) |
| parent | 6c50a545452b49ac956694bf10f0dcd8cbc48c73 | commitdiff |
s3: Fix a crash in reply_lockingX_error
A timed brlock with 2 locks comes in and the second one blocks,
file is closed. smbd_cancel_pending_lock_requests_by_fid sets
blr->fsp to NULL. reply_lockingX_error (called via
MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr->fsp because
blr->lock_num==1 (the second one blocked).
This patch fixes the bug by only undoing the locks if fsp!=NULL.
fsp==NULL is the close case where everything is undone anyway.
Thanks to Peter Somogyi, somogyi@hu.ibm.com for this bug report.
Fix bug #9084 - Blocking lock followed by close can crash smbd.
(cherry picked from commit d80fbbea8ec77c0bda0e3fb9eaed2f170784ea7d)
(cherry picked from commit b27caac5e077b49f46edf34045bb4fd8d17b4c77)
A timed brlock with 2 locks comes in and the second one blocks,
file is closed. smbd_cancel_pending_lock_requests_by_fid sets
blr->fsp to NULL. reply_lockingX_error (called via
MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr->fsp because
blr->lock_num==1 (the second one blocked).
This patch fixes the bug by only undoing the locks if fsp!=NULL.
fsp==NULL is the close case where everything is undone anyway.
Thanks to Peter Somogyi, somogyi@hu.ibm.com for this bug report.
Fix bug #9084 - Blocking lock followed by close can crash smbd.
(cherry picked from commit d80fbbea8ec77c0bda0e3fb9eaed2f170784ea7d)
(cherry picked from commit b27caac5e077b49f46edf34045bb4fd8d17b4c77)
| source3/smbd/blocking.c | diffblobblamehistory |