From bdb80aeb11d5458e281483a5cdc57f5481979cc9 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Mon, 18 Feb 2013 23:21:24 +0100
Subject: [PATCH] s3:smbd:smb2: fix segfault (access after free) in durable
 disconnect code

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Feb 19 11:12:01 CET 2013 on sn-devel-104
---
 source3/smbd/close.c        | 1 +
 source3/smbd/smbXsrv_open.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index df3ae23a92a..d0c843ea9cc 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -782,6 +782,7 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
 			data_blob_free(&fsp->op->global->backend_cookie);
 			fsp->op->global->backend_cookie = new_cookie;
 
+			fsp->op->compat = NULL;
 			tmp = smbXsrv_open_close(fsp->op, now);
 			if (!NT_STATUS_IS_OK(tmp)) {
 				DEBUG(1, ("Failed to update smbXsrv_open "
diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open.c
index c1754e86b2e..be39cbc3972 100644
--- a/source3/smbd/smbXsrv_open.c
+++ b/source3/smbd/smbXsrv_open.c
@@ -1078,6 +1078,7 @@ NTSTATUS smbXsrv_open_close(struct smbXsrv_open *op, NTTIME now)
 	op->db_rec = NULL;
 
 	if (op->compat) {
+		op->compat->op = NULL;
 		file_free(NULL, op->compat);
 		op->compat = NULL;
 	}
-- 
2.11.4.GIT