The Samba-Bugzilla – Attachment 7079 Details for
Bug 8592
SMB2: crash when more than 256 searches are open
[patch]
Metze's patchset from master
8592.mbox (text/plain), 6.45 KB, created by
Christian Ambach
on 2011-11-10 14:49:04 UTC
Description:
Metze's patchset from master
Creator:
Christian Ambach
Created:
2011-11-10 14:49:04 UTC
Size:
6.45 KB
>From 777930ee6d2edbcae85998c1d36102a48ce34ba4 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 10 Nov 2011 10:39:34 +0100
>Subject: [PATCH 1/3] s3:smbd: avoid string_set() in dir.c
>
>And do some more error checks.
>
>metze
>---
> source3/smbd/dir.c | 11 +++++++++--
> 1 files changed, 9 insertions(+), 2 deletions(-)
>
>diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
>index 9969693..e6f431e 100644
>--- a/source3/smbd/dir.c
>+++ b/source3/smbd/dir.c
>@@ -279,7 +279,7 @@ done:
>
> /* Lanman 2 specific code */
> SAFE_FREE(dptr->wcard);
>- string_set(&dptr->path,"");
>+ SAFE_FREE(dptr->path);
> SAFE_FREE(dptr);
> }
>
>@@ -534,7 +534,13 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
>
> dptr->dnum += 1; /* Always bias the dnum by one - no zero dnums allowed. */
>
>- string_set(&dptr->path,path);
>+ dptr->path = SMB_STRDUP(path);
>+ if (!dptr->path) {
>+ bitmap_clear(sconn->searches.dptr_bmap, dptr->dnum - 1);
>+ SAFE_FREE(dptr);
>+ TALLOC_FREE(dir_hnd);
>+ return NT_STATUS_NO_MEMORY;
>+ }
> dptr->conn = conn;
> dptr->dir_hnd = dir_hnd;
> dptr->spid = spid;
>@@ -542,6 +548,7 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> dptr->wcard = SMB_STRDUP(wcard);
> if (!dptr->wcard) {
> bitmap_clear(sconn->searches.dptr_bmap, dptr->dnum - 1);
>+ SAFE_FREE(dptr->path);
> SAFE_FREE(dptr);
> TALLOC_FREE(dir_hnd);
> return NT_STATUS_NO_MEMORY;
>--
>1.7.1
>
>
>From 45ae54a6cd664e34a4dadee1edf42493f71427f3 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 9 Nov 2011 15:59:22 +0100
>Subject: [PATCH 2/3] s3:smbd: fully construct the dptr before allocating a dnum in the bitmap
>
>metze
>---
> source3/smbd/dir.c | 56 ++++++++++++++++++++++++++-------------------------
> 1 files changed, 29 insertions(+), 27 deletions(-)
>
>diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
>index e6f431e..3430aab 100644
>--- a/source3/smbd/dir.c
>+++ b/source3/smbd/dir.c
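Review bot: In patch 1/3, the `dptr_create` hunk at `@@ -534,7 +534,13 @@` hands `path` to `SMB_STRDUP()` without checking it, and a NULL result is reported only as `NT_STATUS_NO_MEMORY`. The definition of `string_set()` is not on this page; if it accepted a NULL or empty source, callers that relied on that now reach the duplication with an argument it may not tolerate, so this should be confirmed against the callers. At minimum I would record the contract above the new line, for example `/* path must be non-NULL: unlike string_set(), SMB_STRDUP() is given it unchecked */`. The body of `dptr_create` starts and ends outside the hunk, so an earlier validation of `path` may exist that is not visible here.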
>@@ -470,6 +470,31 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
>
> ZERO_STRUCTP(dptr);
>
>+ dptr->path = SMB_STRDUP(path);
>+ if (!dptr->path) {
>+ SAFE_FREE(dptr);
>+ TALLOC_FREE(dir_hnd);
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+ dptr->conn = conn;
>+ dptr->dir_hnd = dir_hnd;
>+ dptr->spid = spid;
>+ dptr->expect_close = expect_close;
>+ dptr->wcard = SMB_STRDUP(wcard);
>+ if (!dptr->wcard) {
>+ SAFE_FREE(dptr->path);
>+ SAFE_FREE(dptr);
>+ TALLOC_FREE(dir_hnd);
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+ if (lp_posix_pathnames() || (wcard[0] == '.' && wcard[1] == 0)) {
>+ dptr->has_wild = True;
>+ } else {
>+ dptr->has_wild = wcard_has_wild;
>+ }
>+
>+ dptr->attr = attr;
>+
> if(old_handle) {
>
> /*
>@@ -493,6 +518,8 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> dptr->dnum = bitmap_find(sconn->searches.dptr_bmap, 0);
> if(dptr->dnum == -1 || dptr->dnum > 254) {
> DEBUG(0,("dptr_create: returned %d: Error - all old dirptrs in use ?\n", dptr->dnum));
>+ SAFE_FREE(dptr->path);
>+ SAFE_FREE(dptr->wcard);
> SAFE_FREE(dptr);
> TALLOC_FREE(dir_hnd);
> return NT_STATUS_TOO_MANY_OPENED_FILES;
>@@ -523,6 +550,8 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
>
> if(dptr->dnum == -1 || dptr->dnum < 255) {
> DEBUG(0,("dptr_create: returned %d: Error - all new dirptrs in use ?\n", dptr->dnum));
>+ SAFE_FREE(dptr->path);
>+ SAFE_FREE(dptr->wcard);
> SAFE_FREE(dptr);
> TALLOC_FREE(dir_hnd);
> return NT_STATUS_TOO_MANY_OPENED_FILES;
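Review bot: The same release sequence is now written out four times in `dptr_create`: twice in the hunk at `@@ -470,6 +470,31 @@` and once each at `@@ -493,6 +518,8 @@` and `@@ -523,6 +550,8 @@`, each copy freeing a slightly different subset of `path`, `wcard`, `dptr` and `dir_hnd`. Moving the allocations ahead of the dnum search means every error return after them must free both strings, and a return that forgets one leaks memory on a path a client can trigger by exhausting dnums. A single `fail:` label with a local `NTSTATUS status` would remove that risk, relying on `ZERO_STRUCTP(dptr)` to leave unset members NULL. The function starts and ends outside these hunks, so the label would go after the existing success return, and any other early return in the unseen part should be checked for the same frees.

```c
	dptr->path = SMB_STRDUP(path);
	if (!dptr->path) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}
	/* … unchanged: conn, dir_hnd, spid, expect_close assignments … */
	dptr->wcard = SMB_STRDUP(wcard);
	if (!dptr->wcard) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}
	/* … unchanged: has_wild, attr, dnum search; its two error returns
	 * become status = NT_STATUS_TOO_MANY_OPENED_FILES; goto fail; … */

fail:
	/* dptr was zeroed, so members that were never set are still NULL */
	SAFE_FREE(dptr->path);
	SAFE_FREE(dptr->wcard);
	SAFE_FREE(dptr);
	TALLOC_FREE(dir_hnd);
	return status;
```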
>@@ -534,33 +563,6 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
>
> dptr->dnum += 1; /* Always bias the dnum by one - no zero dnums allowed. */
>
>- dptr->path = SMB_STRDUP(path);
>- if (!dptr->path) {
>- bitmap_clear(sconn->searches.dptr_bmap, dptr->dnum - 1);
>- SAFE_FREE(dptr);
>- TALLOC_FREE(dir_hnd);
>- return NT_STATUS_NO_MEMORY;
>- }
>- dptr->conn = conn;
>- dptr->dir_hnd = dir_hnd;
>- dptr->spid = spid;
>- dptr->expect_close = expect_close;
>- dptr->wcard = SMB_STRDUP(wcard);
>- if (!dptr->wcard) {
>- bitmap_clear(sconn->searches.dptr_bmap, dptr->dnum - 1);
>- SAFE_FREE(dptr->path);
>- SAFE_FREE(dptr);
>- TALLOC_FREE(dir_hnd);
>- return NT_STATUS_NO_MEMORY;
>- }
>- if (lp_posix_pathnames() || (wcard[0] == '.' && wcard[1] == 0)) {
>- dptr->has_wild = True;
>- } else {
>- dptr->has_wild = wcard_has_wild;
>- }
>-
>- dptr->attr = attr;
>-
> DLIST_ADD(sconn->searches.dirptrs, dptr);
>
> DEBUG(3,("creating new dirptr %d for path %s, expect_close = %d\n",
>--
>1.7.1
>
>
>From da29de6b540ba8bf416a7beb7372f84a39878ef9 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 9 Nov 2011 16:04:09 +0100
>Subject: [PATCH 3/3] s3:smbd: don't limit the number of open dptrs for smb2 (bug #8592)
>
>This fixes a crash bug that is triggered, when a client has more than
>256 directory handles with searches.
>
>metze
>
>Autobuild-User: Stefan Metzmacher <metze@samba.org>
>Autobuild-Date: Thu Nov 10 14:08:14 CET 2011 on sn-devel-104
>---
> source3/smbd/dir.c | 15 ++++++++++++---
> 1 files changed, 12 insertions(+), 3 deletions(-)
>
>diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
>index 3430aab..9108a80 100644
>--- a/source3/smbd/dir.c
>+++ b/source3/smbd/dir.c
>@@ -260,6 +260,10 @@ static void dptr_close_internal(struct dptr_struct *dptr)
> goto done;
> }
>
>+ if (sconn->using_smb2) {
>+ goto done;
>+ }
>+
> DLIST_REMOVE(sconn->searches.dirptrs, dptr);
>
> /*
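Review bot: In patch 3/3, the early `goto done` added to `dptr_close_internal` at `@@ -260,6 +260,10 @@` is correct only while an SMB2 dptr is never linked into `sconn->searches.dirptrs` and never owns a bit in `dptr_bmap`, and nothing at the check says so. The matching skip is in `dptr_create`, and the two sites read `sconn->using_smb2` at different times, so the pairing also assumes the flag cannot change during the life of a dptr. I would add a comment above the check, for example `/* SMB2 dptrs are not on searches.dirptrs and hold no dptr_bmap slot, see dptr_create() */`. It is also worth confirming that code which walks `searches.dirptrs` to close searches on tree or session teardown (not visible here) is not the only thing that frees them, because SMB2 entries can no longer be reached that way. The function starts and ends outside the hunk.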
>@@ -495,6 +499,10 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
>
> dptr->attr = attr;
>
>+ if (sconn->using_smb2) {
>+ goto done;
>+ }
>+
> if(old_handle) {
>
> /*
>@@ -565,6 +573,7 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
>
> DLIST_ADD(sconn->searches.dirptrs, dptr);
>
>+done:
> DEBUG(3,("creating new dirptr %d for path %s, expect_close = %d\n",
> dptr->dnum,path,expect_close));
>
>@@ -1336,7 +1345,7 @@ static int smb_Dir_destructor(struct smb_Dir *dirp)
> #endif
> SMB_VFS_CLOSEDIR(dirp->conn,dirp->dir);
> }
>- if (dirp->conn->sconn) {
>+ if (dirp->conn->sconn && !dirp->conn->sconn->using_smb2) {
> dirp->conn->sconn->searches.dirhandles_open--;
> }
> return 0;
>@@ -1367,7 +1376,7 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
> goto fail;
> }
>
>- if (sconn) {
>+ if (sconn && !sconn->using_smb2) {
> sconn->searches.dirhandles_open++;
> }
> talloc_set_destructor(dirp, smb_Dir_destructor);
>@@ -1411,7 +1420,7 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
> goto fail;
> }
>
>- if (sconn) {
>+ if (sconn && !sconn->using_smb2) {
> sconn->searches.dirhandles_open++;
> }
> talloc_set_destructor(dirp, smb_Dir_destructor);
>--
>1.7.1
>
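Review bot: On the SMB2 path in `dptr_create` (hunk `@@ -495,6 +499,10 @@`) the jump to `done:` bypasses the only per-connection limit visible in these hunks, so the number of concurrent searches is then bounded only by whatever caps open handles elsewhere. Each dptr keeps a duplicated path, a duplicated wildcard and a directory handle, so a cap on SMB2 directory opens should be confirmed to exist, otherwise one client can keep growing smbd memory and descriptors. `dptr->dnum` also stays 0 from `ZERO_STRUCTP(dptr)`, so the `DEBUG(3, ...)` after `done:` (hunk `@@ -565,6 +573,7 @@`) logs dirptr 0 for every SMB2 search, which makes them indistinguishable in logs, and a lookup by dnum cannot return them. A comment at the check such as `/* SMB2: no dnum and no list entry; dnum stays 0 and the dptr is reachable only through its owner */` would record this, assuming that is the intent. The function starts and ends outside both hunks.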
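Review bot: `searches.dirhandles_open` no longer counts SMB2 directory handles after the changes to `smb_Dir_destructor`, `OpenDir` and `OpenDir_fsp` (hunks `@@ -1336,7 +1345,7 @@`, `@@ -1367,7 +1376,7 @@` and `@@ -1411,7 +1420,7 @@`), so any logic outside these hunks that uses the counter to decide when to close idle directories will not see them. The increment and the decrement each re-test `using_smb2` on their own; if the flag could ever be set after a directory was opened and counted, the destructor would skip the decrement and leave the counter permanently too high. That is probably impossible if the flag is fixed at negotiation, but the assumption should be written down at the increment, for example `/* not counted for SMB2; using_smb2 must not change while dirp is alive */`. All three functions start and end outside their hunks.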
Flags:
jra
:
review+