s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv().

cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which frees req, then uses the state pointer which was owned by req. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Nov 30 05:47:12 CET 2017 on sn-devel-144 (cherry picked from commit 5c8032b6b8ce4439b3ef8f43a62a419f081eb787)
author: Jeremy Allison <jra@samba.org> 2017-11-29 09:21:30 -0800
committer: Karolin Seeger <kseeger@samba.org> 2017-12-05 10:34:27 +0100
commit: ac32a770fc1fad988629654039119278e0c1afa4 (patch)
tree: 4d3487b6b71d66cb6725146cd514fab48dde199d /source3/libsmb
parent: 0fcdf5db90a05ee95c30ddfa32f3868702b77628 (diff)
download: samba-ac32a770fc1fad988629654039119278e0c1afa4.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 5d46d543002..237e6bb2b54 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -449,8 +449,12 @@ NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req)
 {
 	struct cli_smb2_close_fnum_state *state = tevent_req_data(
 		req, struct cli_smb2_close_fnum_state);
-	NTSTATUS status = tevent_req_simple_recv_ntstatus(req);
-	state->cli->raw_status = status;
+	NTSTATUS status = NT_STATUS_OK;
+
+	if (tevent_req_is_nterror(req, &status)) {
+		state->cli->raw_status = status;
+	}
+	tevent_req_received(req);
 	return status;
 }
author	Jeremy Allison <jra@samba.org>	2017-11-29 09:21:30 -0800
committer	Karolin Seeger <kseeger@samba.org>	2017-12-05 10:34:27 +0100
commit	ac32a770fc1fad988629654039119278e0c1afa4 (patch)
tree	4d3487b6b71d66cb6725146cd514fab48dde199d /source3/libsmb
parent	0fcdf5db90a05ee95c30ddfa32f3868702b77628 (diff)
download	samba-ac32a770fc1fad988629654039119278e0c1afa4.tar.gz