From 83eaed1cd5185933ac9dfe976b1b20cd2ed75153 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Mon, 27 Jul 2009 14:47:41 +0200
Subject: [PATCH] Fix a valgrind error in chain_reply

construct_reply() references the request after chain_reply has freed it.
(cherry picked from commit 5135ebd6f099518f0a0b5796e8057210be824740)

Addresses bug #6611.
(cherry picked from commit 5c6aa5ce9fb0cc5d63d04b0777d296c82e61c0a5)
---
 source3/include/smb.h | 2 ++
 source3/smbd/process.c | 13 ++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 9cae327c6cd..b20a8eff06c 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -659,6 +659,8 @@ struct smb_request {
 * state information for async smb handling
 */
 void *async_priv;
+
+ bool done;
 };
 /* Defines for the sent_oplock_break field above. */
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 962b4926c88..e1069ebd870 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -377,6 +377,7 @@ void init_smb_request(struct smb_request *req,
 req->conn = conn_find(req->tid);
 req->chain_fsp = NULL;
 req->chain_outbuf = NULL;
+ req->done = false;
 smb_init_perfcount_data(&req->pcd);
 /* Ensure we have at least wct words and 2 bytes of bcc. */
@@ -1395,6 +1396,11 @@ static void construct_reply(char *inbuf, int size, size_t unread_bytes,
 req->unread_bytes = 0;
 }
+ if (req->done) {
+ TALLOC_FREE(req);
+ return;
+ }
+
 if (req->outbuf == NULL) {
 return;
 }
@@ -1650,8 +1656,8 @@ void chain_reply(struct smb_request *req)
 exit_server_cleanly("chain_reply: srv_send_smb " "failed.");
 }
- TALLOC_FREE(req);
-
+ TALLOC_FREE(req->chain_outbuf);
+ req->done = true;
 return;
 }
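Review bot: The new `bool done;` member of struct smb_request (source3/include/smb.h, hunk at -659) has no comment, although after this patch it decides who releases the request. The neighbouring field is documented, and this one carries a lifetime contract that a reader of the header cannot guess from the name. I would add above it something like `/* set by chain_reply() once the chained reply has been sent; the caller frees the request and sends nothing further */`. The struct definition starts outside the hunk.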
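Review bot: In chain_reply (source3/smbd/process.c, hunk at -1650, and the same change again in the hunk at -1772) the request is no longer released, and the only code in this patch that reads `req->done` is construct_reply. Any other path that reaches chain_reply without returning through construct_reply would therefore never see the flag; whether such a path exists cannot be told from these hunks, so this is something to confirm rather than a demonstrated leak. Both sites would benefit from a comment stating the new ownership rule, for example `/* req must stay valid here: construct_reply() still reads it, sees req->done and frees it */`, so that a later cleanup does not reintroduce the free and with it the use-after-free this commit fixes. chain_reply's body starts and ends outside both hunks.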
@@ -1772,7 +1778,8 @@ void chain_reply(struct smb_request *req)
 &req->pcd)) {
 exit_server_cleanly("construct_reply: srv_send_smb failed.");
 }
- TALLOC_FREE(req);
+ TALLOC_FREE(req->chain_outbuf);
+ req->done = true;
 }
 /****************************************************************************
-- 
2.11.4.GIT