From 6beba782f1bf951236813e0b46115b8102212c03 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 26 Apr 2010 10:54:33 -0700
Subject: Fix crash when rescheduling oplock open.

Jeremy.
---
 source3/smbd/smb2_create.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 6a118c3947..3302730fbe 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -981,6 +981,15 @@ void schedule_deferred_open_message_smb2(uint64_t mid)
 	/* Ensure we don't have any outstanding timer event. */
 	TALLOC_FREE(state->te);
 
+	/*
+	 * This is subtle. We must null out the callback
+	 * before resheduling, else the first call to
+	 * tevent_req_nterror() causes the _receive()
+	 * function to be called, this causing tevent_req_post()
+	 * to crash.
+	 */
+	tevent_req_set_callback(smb2req->subreq, NULL, NULL);
+
 	im = tevent_create_immediate(smb2req);
 	if (!im) {
 		smbd_server_connection_terminate(smb2req->sconn,
-- 
cgit