From b6a9277beaeb7dd113ee6eb95243af8701985216 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 28 Jan 2021 17:35:55 -0800 Subject: [PATCH] s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the tcon struct in use. For this test only, explicitly copy the SMB1 tcon struct, don't use cli_state_save_tcon()//cli_state_restore_tcon() as these calls will soon change to just manipulate the pointer to avoid TALLOC_FREE() on the tcon struct which calls destructors on child pipe data. In SMB1 this test calls cli_tdis() twice with an invalid vuid and expects the SMB1 tcon struct to be preserved across the calls. SMB1 cli_tdis() frees cli->smb1.tcon so we must put back a deep copy into cli->smb1.tcon to be able to safely call cli_tdis() again. This is a test-only hack. Real client code uses cli_state_save_tcon()/cli_state_restore_tcon() if it needs to temporarily swap out the active tcon on a client connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992 Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider (cherry picked from commit e93e6108837eff0cebad8dc26d055c0e1386093a) --- source3/torture/torture.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 4f572902494..d1ea9b85a72 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -11690,7 +11690,7 @@ static bool run_uid_regression_test(int dummy) int16_t old_vuid; int32_t old_cnum; bool correct = True; - struct smbXcli_tcon *orig_tcon = NULL; + struct smbXcli_tcon *tcon_copy = NULL; NTSTATUS status; printf("starting uid regression test\n"); @@ -11731,8 +11731,20 @@ static bool run_uid_regression_test(int dummy) } old_cnum = cli_state_get_tid(cli); - orig_tcon = cli_state_save_tcon(cli); - if (orig_tcon == NULL) { + /* + * This is an SMB1-only test. + * Copy the tcon, not "save/restore". + * + * In SMB1 the cli_tdis() below frees + * cli->smb1.tcon so we need a copy + * of the struct to put back for the + * second tdis call with invalid vuid. + * + * This is a test-only hack. Real client code + * uses cli_state_save_tcon()/cli_state_restore_tcon(). + */ + tcon_copy = smbXcli_tcon_copy(cli, cli->smb1.tcon); + if (tcon_copy == NULL) { correct = false; goto out; } @@ -11748,11 +11760,11 @@ static bool run_uid_regression_test(int dummy) } else { d_printf("First tdis failed (%s)\n", nt_errstr(status)); correct = false; - cli_state_restore_tcon(cli, orig_tcon); + cli->smb1.tcon = tcon_copy; goto out; } - cli_state_restore_tcon(cli, orig_tcon); + cli->smb1.tcon = tcon_copy; cli_state_set_uid(cli, old_vuid); cli_state_set_tid(cli, old_cnum); -- 2.11.4.GIT