summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/smb.h2
-rw-r--r--source3/smbd/conn.c14
2 files changed, 12 insertions, 4 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 732a5308ff..5ee2b1fb44 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -672,6 +672,8 @@ enum acl_compatibility {ACL_COMPAT_AUTO, ACL_COMPAT_WINNT, ACL_COMPAT_WIN2K};
#define UID_FIELD_INVALID 0
#define VUID_OFFSET 100 /* Amount to bias returned vuid numbers */
+#define CNUM_OFFSET 1 /* shift for bitmap index */
+
/*
* Size of buffer to use when moving files across filesystems.
*/
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 1344bac7a8..53d8553122 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -98,6 +98,7 @@ connection_struct *conn_new(struct smbd_server_connection *sconn)
{
connection_struct *conn;
int i;
+ uint32_t cnum;
int find_offset = 1;
if (sconn->using_smb2) {
@@ -156,7 +157,8 @@ find_again:
* which is limited to 16 bits (we skip 0xffff which is the
* NULL TID).
*/
- if (i > 65534) {
+ cnum = i + CNUM_OFFSET;
+ if (cnum >= 0xFFFF) {
DEBUG(0, ("Maximum connection limit reached\n"));
return NULL;
}
@@ -168,7 +170,7 @@ find_again:
return NULL;
}
conn->sconn = sconn;
- conn->cnum = i;
+ conn->cnum = cnum;
conn->force_group_gid = (gid_t)-1;
bitmap_set(sconn->smb1.tcons.bmap, i);
@@ -293,12 +295,16 @@ void conn_free(connection_struct *conn)
}
if (!conn->sconn->using_smb2 &&
- conn->sconn->smb1.tcons.bmap != NULL) {
+ conn->sconn->smb1.tcons.bmap != NULL &&
+ conn->cnum >= CNUM_OFFSET &&
+ conn->cnum < 0xFFFF)
+ {
+ int i = conn->cnum - CNUM_OFFSET;
/*
* Can be NULL for fake connections created by
* create_conn_struct()
*/
- bitmap_clear(conn->sconn->smb1.tcons.bmap, conn->cnum);
+ bitmap_clear(conn->sconn->smb1.tcons.bmap, i);
}
DLIST_REMOVE(conn->sconn->connections, conn);