summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-04-26 12:29:03 -0700
committerJeremy Allison <jra@samba.org>2010-04-26 12:29:03 -0700
commit1055b3c229f9ab8b4d43a73346090bb72b88d607 (patch)
treeb8585ace60b9768770c3490aa19e837e34782356
parent6beba782f1bf951236813e0b46115b8102212c03 (diff)
downloadsamba-1055b3c229f9ab8b4d43a73346090bb72b88d607.tar.gz
samba-1055b3c229f9ab8b4d43a73346090bb72b88d607.tar.bz2
samba-1055b3c229f9ab8b4d43a73346090bb72b88d607.zip
When walking the SMB2 requests queue, ensure the request is still "in flight"
before examining the details. SMB2 requests stay on the queue until their out.vector has been send, only then are they talloc_free'd. Thanks for Ira Cooper <ira@wakeful.net> for giving me the backtrace showing this. Jeremy.
-rw-r--r--source3/smbd/smb2_create.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 3302730fbe..377db32148 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -877,7 +877,16 @@ static struct smbd_smb2_request *find_open_smb2req(uint64_t mid)
struct smbd_smb2_request *smb2req;
for (smb2req = sconn->smb2.requests; smb2req; smb2req = smb2req->next) {
- uint64_t message_id = get_mid_from_smb2req(smb2req);
+ uint64_t message_id;
+ if (smb2req->subreq == NULL) {
+ /* This message has been processed. */
+ continue;
+ }
+ if (!tevent_req_is_in_progress(smb2req->subreq)) {
+ /* This message has been processed. */
+ continue;
+ }
+ message_id = get_mid_from_smb2req(smb2req);
if (message_id == mid) {
return smb2req;
}