The Samba-Bugzilla – Attachment 7746 Details for Bug 9084: Blocking lock followed by close can crash smbd.
[patch] git-am fix for 3.6.next
0001-s3-Fix-a-crash-in-reply_lockingX_error.patch (text/plain), 2.21 KB, created by Jeremy Allison on 2012-08-07 23:53:18 UTC
>From 52a9539e3b895ded820836b45f0ce6eb10839bca Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 7 Aug 2012 16:49:52 -0700 >Subject: [PATCH] s3: Fix a crash in reply_lockingX_error > >A timed brlock with 2 locks comes in and the second one blocks, >file is closed. smbd_cancel_pending_lock_requests_by_fid sets >blr->fsp to NULL. reply_lockingX_error (called via >MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr->fsp because >blr->lock_num==1 (the second one blocked). > >This patch fixes the bug by only undoing the locks if fsp!=NULL. >fsp==NULL is the close case where everything is undone anyway. > >Thanks to Peter Somogyi, somogyi@hu.ibm.com for this bug report. >--- > source3/smbd/blocking.c | 17 ++++++++++++----- > 1 file changed, 12 insertions(+), 5 deletions(-) > >diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c >index c208234..07fdfa0 100644 >--- a/source3/smbd/blocking.c >+++ b/source3/smbd/blocking.c >@@ -326,7 +326,7 @@ static void generic_blocking_lock_error(struct blocking_lock_record *blr, NTSTAT > obtained first. > *****************************************************************************/ > >-static void reply_lockingX_error(struct blocking_lock_record *blr, NTSTATUS status) >+static void undo_locks_obtained(struct blocking_lock_record *blr) > { > files_struct *fsp = blr->fsp; > uint16 num_ulocks = SVAL(blr->req->vwv+6, 0); >@@ -370,8 +370,6 @@ static void reply_lockingX_error(struct blocking_lock_record *blr, NTSTATUS stat > offset, > WINDOWS_LOCK); > } >- >- generic_blocking_lock_error(blr, status); > } > > /**************************************************************************** 
>@@ -384,8 +382,17 @@ static void blocking_lock_reply_error(struct blocking_lock_record *blr, NTSTATUS > > switch(blr->req->cmd) { > case SMBlockingX: >- reply_lockingX_error(blr, status); >- break; >+ /* >+ * This code can be called during the rundown of a >+ * file after it was already closed. In that case, >+ * blr->fsp==NULL and we do not need to undo any >+ * locks, they are already gone. >+ */ >+ if (blr->fsp != NULL) { >+ undo_locks_obtained(blr); >+ } >+ generic_blocking_lock_error(blr, status); >+ break; > case SMBtrans2: > case SMBtranss2: > reply_nterror(blr->req, status); >-- >1.7.9.5 >
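Review bot: In the first hunk, undo_locks_obtained still opens with `files_struct *fsp = blr->fsp;` and nothing in the function states that blr->fsp must be non-NULL; the only guard is at the single call site in blocking_lock_reply_error. Either return early inside undo_locks_obtained when fsp is NULL, or state the precondition in the header comment, which this hunk leaves as unchanged context even though the function has been renamed and no longer sends the error reply.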
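Review bot: The diffstat lists only source3/smbd/blocking.c, so the sequence from the commit message (a timed lockingX with two locks, the second one blocks, the file is closed) has no regression test covering the new `if (blr->fsp != NULL)` branch in the SMBlockingX case of the last hunk. Please add a test that drives that sequence so the blr->fsp == NULL path through generic_blocking_lock_error stays exercised.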
Flags: vl: review+