Fix smbd crash for close_on_completion

handle_trans() can talloc_free "conn" if the client requests close_on_completion. "state" is a talloc_child of conn, so it will be gone when we later free state->data et al.
author: Volker Lendecke <vl@samba.org> 2009-03-28 19:58:45 +0100
committer: Volker Lendecke <vl@samba.org> 2009-04-05 14:34:14 +0200
commit: 3b0572bf91a527674459427c761d45361e40d3ec (patch)
tree: 2dea4f08f892078bd5f47ee5446395a6562ad1d5
parent: 0421fa90ce2f140da95e51216677834896d77213 (diff)
download: samba-3b0572bf91a527674459427c761d45361e40d3ec.tar.gz
samba-3b0572bf91a527674459427c761d45361e40d3ec.tar.bz2
samba-3b0572bf91a527674459427c761d45361e40d3ec.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index d39aab4f47..2d5713590d 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -754,6 +754,8 @@ void reply_trans(struct smb_request *req)
 		return;
 	}
 
+	talloc_steal(talloc_tos(), state);
+
 	handle_trans(conn, req, state);
 
 	SAFE_FREE(state->data);
@@ -852,6 +854,8 @@ void reply_transs(struct smb_request *req)
 		return;
 	}
 
+	talloc_steal(talloc_tos(), state);
+
 	handle_trans(conn, req, state);
 
 	DLIST_REMOVE(conn->pending_trans, state);
author	Volker Lendecke <vl@samba.org>	2009-03-28 19:58:45 +0100
committer	Volker Lendecke <vl@samba.org>	2009-04-05 14:34:14 +0200
commit	3b0572bf91a527674459427c761d45361e40d3ec (patch)
tree	2dea4f08f892078bd5f47ee5446395a6562ad1d5
parent	0421fa90ce2f140da95e51216677834896d77213 (diff)
download	samba-3b0572bf91a527674459427c761d45361e40d3ec.tar.gz samba-3b0572bf91a527674459427c761d45361e40d3ec.tar.bz2 samba-3b0572bf91a527674459427c761d45361e40d3ec.zip