From 7118df6df0970ce3403056a2ee073c18d0b06bd7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 10 Nov 2005 09:12:36 +0000 Subject: r11635: fix a handling of packet_send in the smb client lib this was cause of the PANIC on the build farm on metze01 as we use req->out.buffer from the old request in the smb_raw_ntcancel() and send a 0 TID, that causes our server code to crash (a fix for the server code will follow) metze (This used to be commit 97cd824e44b03178706b108c7a78753faf412e8f)
---
 source4/libcli/raw/clitransport.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'source4/libcli/raw')
diff --git a/source4/libcli/raw/clitransport.c b/source4/libcli/raw/clitransport.c
index bc00b19ef5..6bf79ecfb0 100644
--- a/source4/libcli/raw/clitransport.c
+++ b/source4/libcli/raw/clitransport.c
@@ -559,7 +559,16 @@ void smbcli_transport_send(struct smbcli_request *req)
 return;
 }
- /* put it on the socket queue */
+ /* put it on the socket queue
+ * - as the buffer is a part of the smbcli_request struct
+ * we need to reference it here, because packet_queue_run()
+ * will call talloc_free() on it
+ */
+ if (!talloc_reference(req, req->out.buffer)) {
+ req->state = SMBCLI_REQUEST_ERROR;
+ req->status = NT_STATUS_NO_MEMORY;
+ return;
+ }
 blob = data_blob_const(req->out.buffer, req->out.size);
 status = packet_send(req->transport->packet, blob);
 if (!NT_STATUS_IS_OK(status)) {
-- cgit
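Review bot: The reference taken by `talloc_reference(req, req->out.buffer)` has no matching release in the visible lines, so if `packet_send()` fails before the blob is queued, the extra reference presumably stays on `req` until the request itself is freed. The body of the `if (!NT_STATUS_IS_OK(status))` branch lies outside the hunk, so this may already be handled there. If it is not, consider `talloc_unlink(req, req->out.buffer);` in that branch, after confirming that packet_send() does not itself free the blob on error. The new comment would also help the next reader more if it named what depends on the buffer outliving the send, e.g. `/* smb_raw_ntcancel() re-reads req->out.buffer after the send, so it must stay valid */`, since that stale-buffer read is the failure the commit message describes.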