summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2006-01-23 14:02:17 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:06:12 -0500
commite95e6044b06fa225b016f20ab53ee4082a8f5ae0 (patch)
treeaddd59df620708bae48493859d49322dd9c3ea2f
parent2f7bc0e53d369fa687cc5ffb144fa262ac418e3a (diff)
downloadsamba-e95e6044b06fa225b016f20ab53ee4082a8f5ae0.tar.gz
samba-e95e6044b06fa225b016f20ab53ee4082a8f5ae0.tar.bz2
samba-e95e6044b06fa225b016f20ab53ee4082a8f5ae0.zip
r13081: correct fix for the segv in nmbd caused by a double free on namerec.
(This used to be commit c908dbc4b260bac72cbc6d25f4728359a6ec8259)
-rw-r--r--source3/nmbd/nmbd_namelistdb.c11
-rw-r--r--source3/nmbd/nmbd_winsserver.c5
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c19
-rw-r--r--source3/utils/status.c8
4 files changed, 23 insertions, 20 deletions
diff --git a/source3/nmbd/nmbd_namelistdb.c b/source3/nmbd/nmbd_namelistdb.c
index baaf5dbd54..60023a7ed5 100644
--- a/source3/nmbd/nmbd_namelistdb.c
+++ b/source3/nmbd/nmbd_namelistdb.c
@@ -80,14 +80,13 @@ static void upcase_name( struct nmb_name *target, const struct nmb_name *source
void remove_name_from_namelist(struct subnet_record *subrec,
struct name_record *namerec )
{
- if (subrec == wins_server_subnet) {
+ if (subrec == wins_server_subnet)
remove_name_from_wins_namelist(namerec);
- return;
- }
-
- subrec->namelist_changed = True;
+ else {
+ subrec->namelist_changed = True;
+ DLIST_REMOVE(subrec->namelist, namerec);
+ }
- DLIST_REMOVE(subrec->namelist, namerec);
SAFE_FREE(namerec->data.ip);
ZERO_STRUCTP(namerec);
SAFE_FREE(namerec);
diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c
index 5c234bf8dc..9983efe5eb 100644
--- a/source3/nmbd/nmbd_winsserver.c
+++ b/source3/nmbd/nmbd_winsserver.c
@@ -290,8 +290,9 @@ BOOL remove_name_from_wins_namelist(struct name_record *namerec)
DLIST_REMOVE(wins_server_subnet->namelist, namerec);
SAFE_FREE(namerec->data.ip);
- ZERO_STRUCTP(namerec);
- SAFE_FREE(namerec);
+
+ /* namerec must be freed by the caller */
+
return (ret == 0) ? True : False;
}
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 230f062662..b0e8111f62 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -2,8 +2,8 @@
* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-1997,
- * Copyright (C) Jeremy Allison 2001.
- * Copyright (C) Nigel Williams 2001.
+ * Copyright (C) Jeremy Allison 2001.
+ * Copyright (C) Nigel Williams 2001.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -1539,6 +1539,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
SEC_DESC *psd = NULL;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
BOOL is_disk_op = False;
+ int max_connections = 0;
DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
@@ -1583,6 +1584,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(comment));
unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(pathname));
type = q_u->info.share.info2.info_2.type;
+ max_connections = (q_u->info.share.info2.max_uses == 0xffffffff) ? 0 : q_u->info.share.info2.max_uses;
psd = NULL;
break;
#if 0
@@ -1658,8 +1660,8 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
return WERR_ACCESS_DENIED;
}
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
+ slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" %d",
+ lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment, max_connections );
DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
@@ -1951,16 +1953,17 @@ WERROR _srv_net_remote_tod(pipes_struct *p, SRV_Q_NET_REMOTE_TOD *q_u, SRV_R_NET
TIME_OF_DAY_INFO *tod;
struct tm *t;
time_t unixdate = time(NULL);
+
/* We do this call first as if we do it *after* the gmtime call
it overwrites the pointed-to values. JRA */
+
uint32 zone = get_time_zone(unixdate)/60;
- tod = TALLOC_P(p->mem_ctx, TIME_OF_DAY_INFO);
- if (!tod)
+ DEBUG(5,("_srv_net_remote_tod: %d\n", __LINE__));
+
+ if ( !(tod = TALLOC_ZERO_P(p->mem_ctx, TIME_OF_DAY_INFO)) )
return WERR_NOMEM;
- ZERO_STRUCTP(tod);
-
r_u->tod = tod;
r_u->ptr_srv_tod = 0x1;
r_u->status = WERR_OK;
diff --git a/source3/utils/status.c b/source3/utils/status.c
index f19a217aa6..b9f1c161e4 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -103,13 +103,13 @@ static void print_share_mode(const struct share_mode_entry *e, const char *share
static int count;
if (count==0) {
d_printf("Locked files:\n");
- d_printf("Pid DenyMode Access R/W Oplock SharePath Name\n");
- d_printf("----------------------------------------------------------------------------------\n");
+ d_printf("Pid DenyMode Access R/W Oplock SharePath Name\n");
+ d_printf("----------------------------------------------------------------------------------------\n");
}
count++;
if (Ucrit_checkPid(procid_to_pid(&e->pid))) {
- d_printf("%s ",procid_str_static(&e->pid));
+ d_printf("%-11s ",procid_str_static(&e->pid));
switch (map_share_mode_to_deny_mode(e->share_access,
e->private_options)) {
case DENY_NONE: d_printf("DENY_NONE "); break;
@@ -166,7 +166,7 @@ static void print_brl(SMB_DEV_T dev, SMB_INO_T ino, struct process_id pid,
}
count++;
- d_printf("%s %05x:%05x %s %9.0f %9.0f\n",
+ d_printf("%08s %05x:%05x %s %9.0f %9.0f\n",
procid_str_static(&pid), (int)dev, (int)ino,
lock_type==READ_LOCK?"R":"W",
(double)start, (double)size);