From 4c77d620e6cc5ea31f4a8f0bf9c8dab81f5f1002 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 17 Mar 2011 15:55:15 -0700
Subject: Fix crash bug on smbd shutdown when using FOPENDIR() found by Volker.

The key was allowing the dptr_idle code to be triggered. We were
closing the dirp->dir handle without updating the underlying fd
in the open fsp.

Jeremy.
---
 source3/smbd/dir.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'source3/smbd/dir.c')

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index b9791e9dab..350c4e5b77 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -575,7 +575,9 @@ void dptr_CloseDir(files_struct *fsp)
  * present. I hate Solaris. JRA.
  */
 #ifdef HAVE_DIRFD
-		if (fsp->fh->fd == dirfd(fsp->dptr->dir_hnd->dir)) {
+		if (fsp->fh->fd != -1 &&
+				fsp->dptr->dir_hnd &&
+				dirfd(fsp->dptr->dir_hnd->dir)) {
 			/* The call below closes the underlying fd. */
 			fsp->fh->fd = -1;
 		}
@@ -1311,6 +1313,16 @@ bool is_visible_file(connection_struct *conn, const char *dir_path,
 static int smb_Dir_destructor(struct smb_Dir *dirp)
 {
 	if (dirp->dir) {
+#ifdef HAVE_DIRFD
+		if (dirp->conn->sconn) {
+			files_struct *fsp = file_find_fd(dirp->conn->sconn,
+						dirfd(dirp->dir));
+			if (fsp) {
+				/* The call below closes the underlying fd. */
+				fsp->fh->fd = -1;
+			}
+		}
+#endif
 		SMB_VFS_CLOSEDIR(dirp->conn,dirp->dir);
 	}
 	if (dirp->conn->sconn) {
-- 
cgit