diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-09-11 06:17:12 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:18:19 -0500 |
commit | 72c5be634c1f656039c32406213e69bb5c120952 (patch) | |
tree | de2a409565240bac2d7e6cce78411d2d4db3ca3a /source4/rpc_server/dcerpc_server.c | |
parent | 79a1d083246caf41c5ae99a1445ad2f84010ba45 (diff) | |
download | samba-72c5be634c1f656039c32406213e69bb5c120952.tar.gz samba-72c5be634c1f656039c32406213e69bb5c120952.tar.bz2 samba-72c5be634c1f656039c32406213e69bb5c120952.zip |
r18363: Found a rather nasty bug in our fragment handling.
We were adding packet fragments onto the *reply* queue, not the
recieve queue. This worked, as long as we got a whole packet before
we did any reply work, but failed once the backend called a remote
LDAP server (and I presume something invoked the event loop).
Andrew Bartlett
(This used to be commit a0162e0ace48104d94f7b7dd3d2f62a7f42e10c6)
Diffstat (limited to 'source4/rpc_server/dcerpc_server.c')
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index c467728747..980fd5490b 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -133,12 +133,12 @@ static const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv } /* - find a call that is pending in our call list + find the earlier parts of a fragmented call awaiting reassembily */ -static struct dcesrv_call_state *dcesrv_find_call(struct dcesrv_connection *dce_conn, uint16_t call_id) +static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint16_t call_id) { struct dcesrv_call_state *c; - for (c=dce_conn->call_list;c;c=c->next) { + for (c=dce_conn->incoming_fragmented_call_list;c;c=c->next) { if (c->pkt.call_id == call_id) { return c; } @@ -1013,7 +1013,7 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn) /* this is a continuation of an existing call - find the call then tack it on the end */ - call = dcesrv_find_call(dce_conn, call2->pkt.call_id); + call = dcesrv_find_fragmented_call(dce_conn, call2->pkt.call_id); if (!call) { return dcesrv_fault(call2, DCERPC_FAULT_OTHER); } @@ -1049,10 +1049,11 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn) } /* this may not be the last pdu in the chain - if its isn't then - just put it on the call_list and wait for the rest */ + just put it on the incoming_fragmented_call_list and wait for the rest */ if (call->pkt.ptype == DCERPC_PKT_REQUEST && !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) { - DLIST_ADD_END(dce_conn->call_list, call, struct dcesrv_call_state *); + DLIST_ADD_END(dce_conn->incoming_fragmented_call_list, call, + struct dcesrv_call_state *); return NT_STATUS_OK; } |