diff options
| author | Stefan Metzmacher <metze@samba.org> | 2018-04-11 12:14:59 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2018-04-12 17:26:40 +0200 |
| commit | fb602bddc4f968310b958f5aaaafd06eb8857a39 (patch) | |
| tree | 49f4d7d4078f6a511e834b6f260c5717805ea3dd | |
| parent | e1c58ec4eed3479cb28f90b3982648dcf7cf88fb (diff) | |
| download | samba-fb602bddc4f968310b958f5aaaafd06eb8857a39.tar.gz | |
s3:smb2_server: correctly maintain request counters for compound requests
If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().
As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0)
| -rw-r--r-- | source3/smbd/smb2_server.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 573f5f6be8c..23eb4b68428 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -2148,7 +2148,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts( bool update_open = false; NTSTATUS status = NT_STATUS_OK; - req->request_counters_updated = false; + SMB_ASSERT(!req->request_counters_updated); if (xconn->protocol < PROTOCOL_SMB2_22) { return NT_STATUS_OK; @@ -2283,6 +2283,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) DO_PROFILE_INC(request); + SMB_ASSERT(!req->request_counters_updated); + /* TODO: verify more things */ flags = IVAL(inhdr, SMB2_HDR_FLAGS); @@ -2722,6 +2724,8 @@ static void smbd_smb2_request_reply_update_counts(struct smbd_smb2_request *req) return; } + req->request_counters_updated = false; + if (xconn->protocol < PROTOCOL_SMB2_22) { return; } |