Bug 9084 - Blocking lock followed by close can crash smbd.
Summary: Blocking lock followed by close can crash smbd.
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2012-08-07 23:51 UTC by Jeremy Allison
Modified: 2020-12-11 08:26 UTC (History)
1 user (show)

See Also:

git-am fix for 3.6.next (2.21 KB, patch)
2012-08-07 23:53 UTC, Jeremy Allison
vl: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2012-08-07 23:51:44 UTC
A timed brlock with 2 locks comes in and the second one blocks,
file is closed. smbd_cancel_pending_lock_requests_by_fid sets
blr->fsp to NULL. reply_lockingX_error (called via
MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr->fsp because
blr->lock_num==1 (the second one blocked).

Thanks to Peter Somogyi, somogyi@hu.ibm.com for this bug report.
Comment 1 Jeremy Allison 2012-08-07 23:53:18 UTC
Created attachment 7746 [details]
git-am fix for 3.6.next

Volker's patch for master, back ported to 3.6.next.
Comment 2 Jeremy Allison 2012-08-08 00:16:59 UTC
Comment on attachment 7746 [details]
git-am fix for 3.6.next

Patch also applies cleanly to 3.5.next.
Comment 3 Jeremy Allison 2012-08-08 04:08:07 UTC
Comment on attachment 7746 [details]
git-am fix for 3.6.next

Now you're interested, Metze :-)
Comment 4 Jeremy Allison 2012-08-08 17:25:12 UTC
Re-assigned to Karolin for inclusion in 3.6.next and 3.5.next.

Thanks !

Comment 5 Karolin Seeger 2012-08-13 05:28:20 UTC
Pushed to v3-5-test and v3-6-test.
Will be included in the next bugfix releases.
Closing out bug report.

Thanks a lot!