summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2000-04-27 18:46:10 +0000
committerJeremy Allison <jra@samba.org>2000-04-27 18:46:10 +0000
commite3987ff7a638f9ea8b6794f1ed0df530d8488033 (patch)
tree699420ad5d125a75131eb8b02329770172ec7948 /source3
parent3d9141d4156a3207af03d4137acd4b1cde46cfae (diff)
downloadsamba-e3987ff7a638f9ea8b6794f1ed0df530d8488033.tar.gz
samba-e3987ff7a638f9ea8b6794f1ed0df530d8488033.tar.bz2
samba-e3987ff7a638f9ea8b6794f1ed0df530d8488033.zip
Fixed crash bugs Andrew pointed out with LOCK4 smbtorture
test. Was miscounting posix locks, plus was not taking into account the case where other_fsp == fsp in the 'move locks' case. DOH ! This code will be re-written anyway :-). Jeremy. (This used to be commit 5278ec016cb24d8263fe6e7c1d389f466270ef24)
Diffstat (limited to 'source3')
-rw-r--r--source3/include/smb.h2
-rw-r--r--source3/locking/locking.c17
-rw-r--r--source3/smbd/open.c12
3 files changed, 16 insertions, 15 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 1559143418..2e11d66729 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -489,7 +489,7 @@ typedef struct files_struct
time_t pending_modtime;
int oplock_type;
int sent_oplock_break;
- unsigned int num_posix_locks;
+ int num_posix_locks;
unsigned int num_posix_pending_closes;
int *posix_pending_close_fds;
BOOL can_lock;
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 811dfbc101..b61e8acedc 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -284,7 +284,7 @@ static BOOL is_posix_locked(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG_UI
SMB_OFF_T count;
DEBUG(10,("is_posix_locked: File %s, offset = %.0f, count = %.0f, type = %s\n",
- fsp->fsp_name, (double)offset, (double)count, lock_type_name(lock_type) ));
+ fsp->fsp_name, (double)u_offset, (double)u_count, lock_type_name(lock_type) ));
/*
* If the requested lock won't fit in the POSIX range, we will
@@ -315,7 +315,7 @@ static BOOL set_posix_lock(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG_UIN
BOOL ret = True;
DEBUG(5,("set_posix_lock: File %s, offset = %.0f, count = %.0f, type = %s\n",
- fsp->fsp_name, (double)offset, (double)count, lock_type_name(lock_type) ));
+ fsp->fsp_name, (double)u_offset, (double)u_count, lock_type_name(lock_type) ));
/*
* If the requested lock won't fit in the POSIX range, we will
@@ -350,17 +350,15 @@ static BOOL release_posix_lock(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG
BOOL ret = True;
DEBUG(5,("release_posix_lock: File %s, offset = %.0f, count = %.0f\n",
- fsp->fsp_name, (double)offset, (double)count ));
+ fsp->fsp_name, (double)u_offset, (double)u_count ));
if(u_count == 0) {
/*
* This lock must overlap with an existing read-only lock
- * help by another fd. Just decrement the count but don't
- * do any POSIX call.
+ * help by another fd. Don't do any POSIX call.
*/
- fsp->num_posix_locks--;
return True;
}
@@ -374,10 +372,7 @@ static BOOL release_posix_lock(files_struct *fsp, SMB_BIG_UINT u_offset, SMB_BIG
ret = fcntl_lock(fsp->fd,SMB_F_SETLK,offset,count,F_UNLCK);
- if(ret)
- fsp->num_posix_locks--;
-
- return True;
+ return ret;
}
/****************************************************************************
@@ -565,6 +560,8 @@ BOOL do_unlock(files_struct *fsp,connection_struct *conn,
fsp->num_posix_locks--;
+ SMB_ASSERT(fsp->num_posix_locks >= 0);
+
return True; /* Did unlock */
}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 44bb6ebaf7..c7ca8256d2 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -57,12 +57,16 @@ static BOOL fd_close_posix_locks(files_struct *fsp)
{
files_struct *other_fsp;
- DEBUG(10,("fd_close_posix_locks: file %s: fsp->num_posix_pending_closes = %u.\n", fsp->fsp_name,
- (unsigned int)fsp->num_posix_pending_closes ));
+ DEBUG(10,("fd_close_posix_locks: file %s: fsp->num_posix_pending_closes = %u \
+fsp->posix_pending_close_fds = %lx.\n", fsp->fsp_name,
+ (unsigned int)fsp->num_posix_pending_closes, (unsigned long)fsp->posix_pending_close_fds ));
for(other_fsp = file_find_di_first(fsp->dev, fsp->inode); other_fsp;
other_fsp = file_find_di_next(other_fsp)) {
+ if(other_fsp == fsp)
+ continue;
+
if ((other_fsp->fd != -1) && other_fsp->num_posix_locks) {
/*
@@ -74,8 +78,8 @@ static BOOL fd_close_posix_locks(files_struct *fsp)
unsigned int extra_fds = fsp->num_posix_pending_closes + 1;
DEBUG(10,("fd_close_posix_locks: file %s: Transferring to \
-file %s, other_fsp->num_posix_pending_closes = %u.\n",
- fsp->fsp_name, other_fsp->fsp_name, (unsigned int)other_fsp->num_posix_pending_closes ));
+file %s, extra_fds = %u, other_fsp->num_posix_pending_closes = %u.\n",
+ fsp->fsp_name, other_fsp->fsp_name, extra_fds, (unsigned int)other_fsp->num_posix_pending_closes ));
other_fsp->posix_pending_close_fds = (int *)Realloc(other_fsp->posix_pending_close_fds,
(other_fsp->num_posix_pending_closes +