From 3e7039349fa79cc16cd3a2ece79b63b0fffbb616 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 17 Dec 1998 21:41:28 +0000
Subject: Fix bug with nmbd running wild due to recursion in
 retransmit_or_expire_response_records(). Jeremy. (This used to be commit
 d5f05b4faef50e7cfc0ed05a87d92e14102106c6)

---
 source3/nmbd/nmbd_packets.c           | 33 ++++++++++++++++++++++++---------
 source3/nmbd/nmbd_responserecordsdb.c |  3 +++
 2 files changed, 27 insertions(+), 9 deletions(-)

(limited to 'source3/nmbd')

diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c
index ce785b40a4..7f27753352 100644
--- a/source3/nmbd/nmbd_packets.c
+++ b/source3/nmbd/nmbd_packets.c
@@ -1633,16 +1633,31 @@ to IP %s on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip),
 on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), 
                  subrec->subnet_name));
 
-          /* Call the timeout function. This will deal with removing the
-             timed out packet. */
-          if(rrec->timeout_fn)
-            (*rrec->timeout_fn)(subrec, rrec);
-          else
+          /*
+           * Check the flag in this record to prevent recursion if we end
+           * up in this function again via the timeout function call.
+           */
+
+          if(!rrec->in_expiration_processing)
           {
-            /* We must remove the record ourself if there is
-               no timeout function. */
-            remove_response_record(subrec, rrec);
-          }
+
+            /*
+             * Set the recursion protection flag in this record.
+             */
+
+            rrec->in_expiration_processing = True;
+
+            /* Call the timeout function. This will deal with removing the
+               timed out packet. */
+            if(rrec->timeout_fn)
+              (*rrec->timeout_fn)(subrec, rrec);
+            else
+            {
+              /* We must remove the record ourself if there is
+                 no timeout function. */
+              remove_response_record(subrec, rrec);
+            }
+          } /* !rrec->in_expitation_processing */
         } /* rrec->repeat_count > 0 */
       } /* rrec->repeat_time <= t */
     } /* end for rrec */
diff --git a/source3/nmbd/nmbd_responserecordsdb.c b/source3/nmbd/nmbd_responserecordsdb.c
index 3edca69981..0c698760bb 100644
--- a/source3/nmbd/nmbd_responserecordsdb.c
+++ b/source3/nmbd/nmbd_responserecordsdb.c
@@ -172,6 +172,9 @@ struct response_record *make_response_record( struct subnet_record *subrec,
   rrec->repeat_count = 3; /* 3 retries */
   rrec->repeat_time = time(NULL) + rrec->repeat_interval; /* initial retry time */
 
+  /* This packet is not being processed. */
+  rrec->in_expiration_processing = False;
+
   /* Lock the packet so we won't lose it while it's on the list. */
   p->locked = True;
 
-- 
cgit