summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2013-02-18 23:21:24 +0100
committerMichael Adam <obnox@samba.org>2013-02-19 11:12:01 +0100
commitbdb80aeb11d5458e281483a5cdc57f5481979cc9 (patch)
treeaa22f64e7b211ba16b4d30ff6607d78369638bb3
parent2cf83f7c645e4b216cf6f23857fd72ec0e6ca7a6 (diff)
downloadsamba-bdb80aeb11d5458e281483a5cdc57f5481979cc9.tar.gz
samba-bdb80aeb11d5458e281483a5cdc57f5481979cc9.tar.bz2
samba-bdb80aeb11d5458e281483a5cdc57f5481979cc9.zip
s3:smbd:smb2: fix segfault (access after free) in durable disconnect code
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Feb 19 11:12:01 CET 2013 on sn-devel-104
-rw-r--r--source3/smbd/close.c1
-rw-r--r--source3/smbd/smbXsrv_open.c1
2 files changed, 2 insertions, 0 deletions
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index df3ae23a92..d0c843ea9c 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -782,6 +782,7 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
data_blob_free(&fsp->op->global->backend_cookie);
fsp->op->global->backend_cookie = new_cookie;
+ fsp->op->compat = NULL;
tmp = smbXsrv_open_close(fsp->op, now);
if (!NT_STATUS_IS_OK(tmp)) {
DEBUG(1, ("Failed to update smbXsrv_open "
diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open.c
index c1754e86b2..be39cbc397 100644
--- a/source3/smbd/smbXsrv_open.c
+++ b/source3/smbd/smbXsrv_open.c
@@ -1078,6 +1078,7 @@ NTSTATUS smbXsrv_open_close(struct smbXsrv_open *op, NTTIME now)
op->db_rec = NULL;
if (op->compat) {
+ op->compat->op = NULL;
file_free(NULL, op->compat);
op->compat = NULL;
}