From 7ff5ca064ade79ac1b89ee053535870697a87e01 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 26 Sep 2012 03:04:20 +0200 Subject: [PATCH] s3:smb2_create: don't take 'state->te' as indication for "was_deferred" (bug #9196) We always set state->te = NULL of TALLOC_FREE(state->te), before calling smbd_smb2_request_dispatch(), so open_was_deferred_smb2() always returned false, while dispatching it again. But it's remove_deferred_open_message_smb2_internal() which should reset this state. In developer mode validate_my_share_entries() did call smb_panic() before. metze (cherry picked from commit 4604219ceba96955b3c4bf6ab31aa70c11442d61) --- source3/smbd/smb2_create.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index aff934f..7db6b00 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -377,6 +377,7 @@ static void smbd_smb2_request_create_done(struct tevent_req *tsubreq) struct smbd_smb2_create_state { struct smbd_smb2_request *smb2req; struct smb_request *smb1req; + bool open_was_deferred; struct timed_event *te; struct tevent_immediate *im; struct timeval request_time; @@ -1203,7 +1204,7 @@ bool open_was_deferred_smb2(struct smbd_server_connection *sconn, uint64_t mid) return false; } /* It's not in progress if there's no timeout event. */ - if (!state->te) { + if (!state->open_was_deferred) { return false; } @@ -1234,6 +1235,7 @@ static void remove_deferred_open_message_smb2_internal(struct smbd_smb2_request "mid %llu\n", (unsigned long long)mid )); + state->open_was_deferred = false; /* Ensure we don't have any outstanding timer event. */ TALLOC_FREE(state->te); /* Ensure we don't have any outstanding immediate event. */ @@ -1456,6 +1458,7 @@ bool push_deferred_open_message_smb2(struct smbd_smb2_request *smb2req, &end_time, true) )); + state->open_was_deferred = true; state->te = tevent_add_timer(smb2req->sconn->ev_ctx, state, end_time, -- 1.7.7.3