From dba2ed9ac1710aff2ecc3e9f9463b786e90cd9e3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 11 Apr 2012 14:15:54 +0200
Subject: s4-smb2: Fix a talloc crash bug.

The talloc context needs to be initialzed or NULL. So move
talloc_steal() to the position where req is initialized.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Apr 11 15:59:39 CEST 2012 on sn-devel-104
---
 source4/smb_server/smb2/receive.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source4/smb_server')

diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index 3b54c977f2..19ab20b941 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -164,8 +164,6 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 	uint32_t flags;
 	uint32_t last_hdr_offset;
 
-	talloc_steal(req, p_req);
-
 	last_hdr_offset = p_req->in.hdr - p_req->in.buffer;
 
 	chain_offset = p_req->chain_offset;
@@ -192,6 +190,8 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 		return;
 	}
 
+	talloc_steal(req, p_req);
+
 	req->in.buffer		= talloc_steal(req, p_req->in.buffer);
 	req->in.size		= p_req->in.size;
 	req->request_time	= p_req->request_time;
-- 
cgit