author | Andrew Tridgell <tridge@samba.org> | 2004-09-25 08:16:16 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:59:12 -0500 |
commit | 045543b661c1ee2c1dac72203e634b9a08568081 (patch) | |
tree | 125df7145d8d748dbdadc21091cb3eaee601a599 /source4 | |
parent | 20fb9ab6cdd3be9c9ffc897108dedb0f142122f1 (diff) | |
r2618: before we had reference counts in talloc I added a hack in the
server side request structure to prevent a structure being freed in
some circumstances. This change replaces this with the much more
robust mechanism of talloc_increase_ref_count().
(This used to be commit 3f7741f178b359f81cc98ef18cd69bf976123e9f)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/include/smb.h | 1 | ||||
-rw-r--r-- | source4/smb_server/nttrans.c | 8 | ||||
-rw-r--r-- | source4/smb_server/reply.c | 8 | ||||
-rw-r--r-- | source4/smb_server/request.c | 6 | ||||
-rw-r--r-- | source4/smb_server/trans2.c | 8 |
5 files changed, 8 insertions, 23 deletions
diff --git a/source4/include/smb.h b/source4/include/smb.h index 16af58db7d..46b2dd03ca 100644 --- a/source4/include/smb.h +++ b/source4/include/smb.h @@ -607,7 +607,6 @@ typedef struct nt_user_token { /* a set of flags to control handling of request structures */ -#define REQ_CONTROL_PROTECTED (1<<0) /* don't destroy this request */ #define REQ_CONTROL_LARGE (1<<1) /* allow replies larger than max_xmit */ #define REQ_CONTROL_ASYNC (1<<2) /* the backend will answer this one later */ diff --git a/source4/smb_server/nttrans.c b/source4/smb_server/nttrans.c index bd8c49c594..683e9e3386 100644 --- a/source4/smb_server/nttrans.c +++ b/source4/smb_server/nttrans.c @@ -198,8 +198,6 @@ void reply_nttrans(struct smbsrv_request *req) params = trans.out.params.data; data = trans.out.data.data; - req->control_flags |= REQ_CONTROL_PROTECTED; - /* we need to divide up the reply into chunks that fit into the negotiated buffer size */ do { @@ -254,9 +252,9 @@ void reply_nttrans(struct smbsrv_request *req) params += this_param; data += this_data; - /* if this is the last chunk then the request can be destroyed */ - if (params_left == 0 && data_left == 0) { - req->control_flags &= ~REQ_CONTROL_PROTECTED; + /* don't destroy unless this is the last segment */ + if (params_left != 0 || data_left != 0) { + talloc_increase_ref_count(req); } req_send_reply(req); diff --git a/source4/smb_server/reply.c b/source4/smb_server/reply.c index 801327f086..72c7c20a11 100644 --- a/source4/smb_server/reply.c +++ b/source4/smb_server/reply.c @@ -1332,13 +1332,9 @@ void reply_echo(struct smbsrv_request *req) memcpy(req->out.data, req->in.data, req->in.data_size); - /* we need to make sure the request isn't destroyed till the - * last packet */ - req->control_flags |= REQ_CONTROL_PROTECTED; - for (i=1; i <= count;i++) { - if (i == count) { - req->control_flags &= ~REQ_CONTROL_PROTECTED; + if (i != count) { + talloc_increase_ref_count(req); } SSVAL(req->out.vwv, VWV(0), i); 
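Review bot: The return value of `talloc_increase_ref_count(req)` is ignored in the reply_nttrans chunk loop, and the same unchecked call is added in reply_echo (reply.c) and reply_trans_generic (trans2.c). Unlike setting the old flag, taking a talloc reference can presumably fail under memory pressure; if it does, `req_send_reply(req)` would drop the only reference and the next iteration would read and write a freed request. I would test the result and leave the loop right after the send that consumes req, with a comment such as `/* could not pin req: this send frees it, so stop here */`. The loop starts and ends outside the hunk, so how the connection should be torn down on that path is not visible.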
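Review bot: The `if (i != count)` branch in reply_echo now has no comment, because the explanation that stood before the loop was deleted along with the flag. The two trans hunks keep a one-line reason and this one should too, e.g. `/* req_send_reply() releases req; hold an extra reference for every echo except the last */`. That wording assumes the send path still ends in req_destroy(), which the hunk does not show. The loop body continues past the end of the hunk.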
diff --git a/source4/smb_server/request.c b/source4/smb_server/request.c index 15e821b32b..3d78c0a55d 100644 --- a/source4/smb_server/request.c +++ b/source4/smb_server/request.c @@ -30,12 +30,6 @@ /* destroy a request structure */ void req_destroy(struct smbsrv_request *req) { - /* the request might be marked protected. This is done by the - * SMBecho code for example */ - if (req->control_flags & REQ_CONTROL_PROTECTED) { - return; - } - /* ahh, its so nice to destroy a complex structure in such a * simple way! */ talloc_free(req); diff --git a/source4/smb_server/trans2.c b/source4/smb_server/trans2.c index a5033f9b56..e681c9fe29 100644 --- a/source4/smb_server/trans2.c +++ b/source4/smb_server/trans2.c @@ -1323,8 +1323,6 @@ void reply_trans_generic(struct smbsrv_request *req, uint8_t command) params = trans.out.params.data; data = trans.out.data.data; - req->control_flags |= REQ_CONTROL_PROTECTED; - /* we need to divide up the reply into chunks that fit into the negotiated buffer size */ do { @@ -1384,9 +1382,9 @@ void reply_trans_generic(struct smbsrv_request *req, uint8_t command) params += this_param; data += this_data; - /* if this is the last chunk then the request can be destroyed */ - if (params_left == 0 && data_left == 0) { - req->control_flags &= ~REQ_CONTROL_PROTECTED; + /* don't destroy unless this is the last chunk */ + if (params_left != 0 || data_left != 0) { + talloc_increase_ref_count(req); } req_send_reply(req); |