Bug 9084 - Blocking lock followed by close can crash smbd.
Summary: Blocking lock followed by close can crash smbd.
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-07 23:51 UTC by Jeremy Allison
Modified: 2020-12-11 08:26 UTC (History)
1 user (show)

See Also:

Attachments
git-am fix for 3.6.next (2.21 KB, patch)
2012-08-07 23:53 UTC, Jeremy Allison 		vl: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2012-08-07 23:51:44 UTC 
A timed brlock with 2 locks comes in and the second one blocks,
file is closed. smbd_cancel_pending_lock_requests_by_fid sets
blr->fsp to NULL. reply_lockingX_error (called via
MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr->fsp because
blr->lock_num==1 (the second one blocked).

Thanks to Peter Somogyi, somogyi@hu.ibm.com for this bug report.
Comment 1 Jeremy Allison 2012-08-07 23:53:18 UTC 
Created attachment 7746 [details]
git-am fix for 3.6.next

Volker's patch for master, back ported to 3.6.next.
Comment 2 Jeremy Allison 2012-08-08 00:16:59 UTC 
Comment on attachment 7746 [details]
git-am fix for 3.6.next

Patch also applies cleanly to 3.5.next.
Comment 3 Jeremy Allison 2012-08-08 04:08:07 UTC 
Comment on attachment 7746 [details]
git-am fix for 3.6.next

Now you're interested, Metze :-)
Comment 4 Jeremy Allison 2012-08-08 17:25:12 UTC 
Re-assigned to Karolin for inclusion in 3.6.next and 3.5.next.

Thanks !

Jeremy.
Comment 5 Karolin Seeger 2012-08-13 05:28:20 UTC 
Pushed to v3-5-test and v3-6-test.
Will be included in the next bugfix releases.
Closing out bug report.

Thanks a lot!