From 34a8324409961c4837e83c714fb1a285f238312d Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 8 Jun 2010 21:20:07 -0700
Subject: Fix a valgrind error found by SMB2-COMPOUND test. If a file is closed we must also NULL out all chained_fsp pointers when the fsp is freed to prevent invalid pointer access. Jeremy.
---
 source3/smbd/files.c | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'source3/smbd/files.c')
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 43956e3903..7ad5ce3ae6 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -503,6 +503,14 @@ void file_free(struct smb_request *req, files_struct *fsp)
 req->chain_fsp = NULL;
 }
 
+ /*
+ * Clear all possible chained fsp
+ * pointers in the SMB2 request queue.
+ */
+ if (req != NULL && req->smb2req) {
+ remove_smb2_chained_fsp(fsp);
+ }
+
 /* Closing a file can invalidate the positive cache. */
 if (fsp == fsp_fi_cache.fsp) {
 ZERO_STRUCT(fsp_fi_cache);
-- cgit
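Review bot: The new guard `if (req != NULL && req->smb2req)` clears chained fsp pointers only when the free is driven by an SMB2 request, yet the `req != NULL` test itself shows that file_free() may be called with no request at all. On that path the fsp is still freed, and any queued SMB2 request that still references it would presumably keep a dangling pointer, which is the same invalid access this commit fixes for the request-driven case. If remove_smb2_chained_fsp() is safe to call when there is no SMB2 request queue (its body is not visible here), consider calling `remove_smb2_chained_fsp(fsp);` unconditionally. Otherwise extend the comment to state the restriction, e.g. `/* Only reached for SMB2-driven frees; callers passing req == NULL must ensure no queued SMB2 request references fsp. */`. The body of file_free() starts and ends outside this hunk, so other cleanup there may already cover the case.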