author | Volker Lendecke <vl@samba.org> | 2018-09-03 15:54:48 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2018-09-05 13:35:22 +0200 |
commit | 592bdff15e01b83111aa35291dd9434a18cf5c2c (patch) | |
tree | 5d83009b9f07194fbac87ed79dbe2d7a9ac931a7 /source3/locking | |
parent | 8f1183d53aa2e1b282d2954c11495552546a9899 (diff) | |
download | samba-592bdff15e01b83111aa35291dd9434a18cf5c2c.tar.gz |
smbd: Fix a memleak in async search ask sharemode
fetch_share_mode_unlocked_parser() takes a "struct
fetch_share_mode_unlocked_state *" as
"private_data". fetch_share_mode_send() used a talloc_zero'ed "struct
share_mode_lock". This led to the parser putting a "struct
share_mode_lock" on the NULL talloc_context where nobody really picked it
up.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13602
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0bd109b733fbce774feae2142d25f7e828b56bcb)
Diffstat (limited to 'source3/locking')
-rw-r--r-- | source3/locking/share_mode_lock.c | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c
index cee00458079..ec17bca98a6 100644
--- a/source3/locking/share_mode_lock.c
+++ b/source3/locking/share_mode_lock.c
@@ -673,7 +673,7 @@ static void fetch_share_mode_done(struct tevent_req *subreq);
 struct fetch_share_mode_state {
 struct file_id id;
 TDB_DATA key;
- struct share_mode_lock *lck;
+ struct fetch_share_mode_unlocked_state parser_state;
 enum dbwrap_req_state req_state;
 };
@@ -721,17 +721,14 @@ struct tevent_req *fetch_share_mode_send(TALLOC_CTX *mem_ctx,
 state->id = id;
 state->key = locking_key(&state->id);
- state->lck = talloc_zero(state, struct share_mode_lock);
- if (tevent_req_nomem(state->lck, req)) {
- return tevent_req_post(req, ev);
- }
+ state->parser_state.mem_ctx = state;
 subreq = dbwrap_parse_record_send(state, ev, lock_db, state->key, fetch_share_mode_unlocked_parser,
- state->lck,
+ &state->parser_state,
 &state->req_state);
 if (tevent_req_nomem(subreq, req)) {
 return tevent_req_post(req, ev);
@@ -775,12 +772,12 @@ NTSTATUS fetch_share_mode_recv(struct tevent_req *req,
 return status;
 }
- if (state->lck->data == NULL) {
+ if (state->parser_state.lck->data == NULL) {
 tevent_req_received(req);
 return NT_STATUS_NOT_FOUND;
 }
- lck = talloc_move(mem_ctx, &state->lck);
+ lck = talloc_move(mem_ctx, &state->parser_state.lck);
 if (DEBUGLEVEL >= 10) {
 DBG_DEBUG("share_mode_data:\n"); |
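Review bot: The new `parser_state` member of struct fetch_share_mode_state (first hunk) carries no comment tying it to the callback that consumes it. The commit message describes the leak as a mismatch between the object handed over as "private_data" and the type fetch_share_mode_unlocked_parser() expects, and that hand-over is presumably untyped, so the compiler will not catch a repeat. A one-line comment on the field would record the constraint, for example `/* private_data for fetch_share_mode_unlocked_parser(); must be exactly this type */`.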
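Review bot: In fetch_share_mode_recv (third hunk) `state->parser_state.lck->data` dereferences `parser_state.lck` without first checking the pointer itself for NULL. Before this change fetch_share_mode_send allocated `state->lck` and failed the request on out-of-memory; now the pointer is set only by fetch_share_mode_unlocked_parser(), whose body is not part of this diff. If the parser can return without allocating (allocation failure, or a record it decides to skip), this test would fault in smbd instead of returning an error. Checking the pointer first keeps the earlier guarantee: `if (state->parser_state.lck == NULL || state->parser_state.lck->data == NULL) {`. The function starts and ends outside the hunk, so an earlier guard may exist that is not visible here.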