Attachment 7079 Details for Bug 8592 – Metze's patchset from master

[patch] Metze's patchset from master

8592.mbox (text/plain), 6.45 KB, created by Christian Ambach on 2011-11-10 14:49:04 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Christian Ambach

Created: 2011-11-10 14:49:04 UTC

Size: 6.45 KB

patch

obsolete

>From 777930ee6d2edbcae85998c1d36102a48ce34ba4 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 10 Nov 2011 10:39:34 +0100
>Subject: [PATCH 1/3] s3:smbd: avoid string_set() in dir.c
>
>And do some more error checks.
>
>metze
>---
> source3/smbd/dir.c |   11 +++++++++--
> 1 files changed, 9 insertions(+), 2 deletions(-)
>
>diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
>index 9969693..e6f431e 100644
>--- a/source3/smbd/dir.c
>+++ b/source3/smbd/dir.c
>@@ -279,7 +279,7 @@ done:
> 
> 	/* Lanman 2 specific code */
> 	SAFE_FREE(dptr->wcard);
>-	string_set(&dptr->path,"");
>+	SAFE_FREE(dptr->path);
> 	SAFE_FREE(dptr);
> }
> 
>@@ -534,7 +534,13 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> 
> 	dptr->dnum += 1; /* Always bias the dnum by one - no zero dnums allowed. */
> 
>-	string_set(&dptr->path,path);
>+	dptr->path = SMB_STRDUP(path);
>+	if (!dptr->path) {
>+		bitmap_clear(sconn->searches.dptr_bmap, dptr->dnum - 1);
>+		SAFE_FREE(dptr);
>+		TALLOC_FREE(dir_hnd);
>+		return NT_STATUS_NO_MEMORY;
>+	}
> 	dptr->conn = conn;
> 	dptr->dir_hnd = dir_hnd;
> 	dptr->spid = spid;
>@@ -542,6 +548,7 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> 	dptr->wcard = SMB_STRDUP(wcard);
> 	if (!dptr->wcard) {
> 		bitmap_clear(sconn->searches.dptr_bmap, dptr->dnum - 1);
>+		SAFE_FREE(dptr->path);
> 		SAFE_FREE(dptr);
> 		TALLOC_FREE(dir_hnd);
> 		return NT_STATUS_NO_MEMORY;
>-- 
>1.7.1
>
>
>From 45ae54a6cd664e34a4dadee1edf42493f71427f3 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 9 Nov 2011 15:59:22 +0100
>Subject: [PATCH 2/3] s3:smbd: fully construct the dptr before allocating a dnum in the bitmap
>
>metze
>---
> source3/smbd/dir.c |   56 ++++++++++++++++++++++++++-------------------------
> 1 files changed, 29 insertions(+), 27 deletions(-)
>
>diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
>index e6f431e..3430aab 100644
>--- a/source3/smbd/dir.c
>+++ b/source3/smbd/dir.c
>@@ -470,6 +470,31 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> 
> 	ZERO_STRUCTP(dptr);
> 
>+	dptr->path = SMB_STRDUP(path);
>+	if (!dptr->path) {
>+		SAFE_FREE(dptr);
>+		TALLOC_FREE(dir_hnd);
>+		return NT_STATUS_NO_MEMORY;
>+	}
>+	dptr->conn = conn;
>+	dptr->dir_hnd = dir_hnd;
>+	dptr->spid = spid;
>+	dptr->expect_close = expect_close;
>+	dptr->wcard = SMB_STRDUP(wcard);
>+	if (!dptr->wcard) {
>+		SAFE_FREE(dptr->path);
>+		SAFE_FREE(dptr);
>+		TALLOC_FREE(dir_hnd);
>+		return NT_STATUS_NO_MEMORY;
>+	}
>+	if (lp_posix_pathnames() || (wcard[0] == '.' && wcard[1] == 0)) {
>+		dptr->has_wild = True;
>+	} else {
>+		dptr->has_wild = wcard_has_wild;
>+	}
>+
>+	dptr->attr = attr;
>+
> 	if(old_handle) {
> 
> 		/*
>@@ -493,6 +518,8 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> 			dptr->dnum = bitmap_find(sconn->searches.dptr_bmap, 0);
> 			if(dptr->dnum == -1 || dptr->dnum > 254) {
> 				DEBUG(0,("dptr_create: returned %d: Error - all old dirptrs in use ?\n", dptr->dnum));
>+				SAFE_FREE(dptr->path);
>+				SAFE_FREE(dptr->wcard);
> 				SAFE_FREE(dptr);
> 				TALLOC_FREE(dir_hnd);
> 				return NT_STATUS_TOO_MANY_OPENED_FILES;
>@@ -523,6 +550,8 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> 
> 			if(dptr->dnum == -1 || dptr->dnum < 255) {
> 				DEBUG(0,("dptr_create: returned %d: Error - all new dirptrs in use ?\n", dptr->dnum));
>+				SAFE_FREE(dptr->path);
>+				SAFE_FREE(dptr->wcard);
> 				SAFE_FREE(dptr);
> 				TALLOC_FREE(dir_hnd);
> 				return NT_STATUS_TOO_MANY_OPENED_FILES;
>@@ -534,33 +563,6 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> 
> 	dptr->dnum += 1; /* Always bias the dnum by one - no zero dnums allowed. */
> 
>-	dptr->path = SMB_STRDUP(path);
>-	if (!dptr->path) {
>-		bitmap_clear(sconn->searches.dptr_bmap, dptr->dnum - 1);
>-		SAFE_FREE(dptr);
>-		TALLOC_FREE(dir_hnd);
>-		return NT_STATUS_NO_MEMORY;
>-	}
>-	dptr->conn = conn;
>-	dptr->dir_hnd = dir_hnd;
>-	dptr->spid = spid;
>-	dptr->expect_close = expect_close;
>-	dptr->wcard = SMB_STRDUP(wcard);
>-	if (!dptr->wcard) {
>-		bitmap_clear(sconn->searches.dptr_bmap, dptr->dnum - 1);
>-		SAFE_FREE(dptr->path);
>-		SAFE_FREE(dptr);
>-		TALLOC_FREE(dir_hnd);
>-		return NT_STATUS_NO_MEMORY;
>-	}
>-	if (lp_posix_pathnames() || (wcard[0] == '.' && wcard[1] == 0)) {
>-		dptr->has_wild = True;
>-	} else {
>-		dptr->has_wild = wcard_has_wild;
>-	}
>-
>-	dptr->attr = attr;
>-
> 	DLIST_ADD(sconn->searches.dirptrs, dptr);
> 
> 	DEBUG(3,("creating new dirptr %d for path %s, expect_close = %d\n",
>-- 
>1.7.1
>
>
>From da29de6b540ba8bf416a7beb7372f84a39878ef9 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 9 Nov 2011 16:04:09 +0100
>Subject: [PATCH 3/3] s3:smbd: don't limit the number of open dptrs for smb2 (bug #8592)
>
>This fixes a crash bug that is triggered, when a client has more than
>256 directory handles with searches.
>
>metze
>
>Autobuild-User: Stefan Metzmacher <metze@samba.org>
>Autobuild-Date: Thu Nov 10 14:08:14 CET 2011 on sn-devel-104
>---
> source3/smbd/dir.c |   15 ++++++++++++---
> 1 files changed, 12 insertions(+), 3 deletions(-)
>
>diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
>index 3430aab..9108a80 100644
>--- a/source3/smbd/dir.c
>+++ b/source3/smbd/dir.c
>@@ -260,6 +260,10 @@ static void dptr_close_internal(struct dptr_struct *dptr)
> 		goto done;
> 	}
> 
>+	if (sconn->using_smb2) {
>+		goto done;
>+	}
>+
> 	DLIST_REMOVE(sconn->searches.dirptrs, dptr);
> 
> 	/*
>@@ -495,6 +499,10 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> 
> 	dptr->attr = attr;
> 
>+	if (sconn->using_smb2) {
>+		goto done;
>+	}
>+
> 	if(old_handle) {
> 
> 		/*
>@@ -565,6 +573,7 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
> 
> 	DLIST_ADD(sconn->searches.dirptrs, dptr);
> 
>+done:
> 	DEBUG(3,("creating new dirptr %d for path %s, expect_close = %d\n",
> 		dptr->dnum,path,expect_close));  
> 
>@@ -1336,7 +1345,7 @@ static int smb_Dir_destructor(struct smb_Dir *dirp)
> #endif
> 		SMB_VFS_CLOSEDIR(dirp->conn,dirp->dir);
> 	}
>-	if (dirp->conn->sconn) {
>+	if (dirp->conn->sconn && !dirp->conn->sconn->using_smb2) {
> 		dirp->conn->sconn->searches.dirhandles_open--;
> 	}
> 	return 0;
>@@ -1367,7 +1376,7 @@ struct smb_Dir *OpenDir(TALLOC_CTX *mem_ctx, connection_struct *conn,
> 		goto fail;
> 	}
> 
>-	if (sconn) {
>+	if (sconn && !sconn->using_smb2) {
> 		sconn->searches.dirhandles_open++;
> 	}
> 	talloc_set_destructor(dirp, smb_Dir_destructor);
>@@ -1411,7 +1420,7 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
> 		goto fail;
> 	}
> 
>-	if (sconn) {
>+	if (sconn && !sconn->using_smb2) {
> 		sconn->searches.dirhandles_open++;
> 	}
> 	talloc_set_destructor(dirp, smb_Dir_destructor);
>-- 
>1.7.1
>

Flags:

jra: review+

Actions: View

Attachments on bug 8592: 7079 | 7080