author | Jeremy Allison <jra@samba.org> | 2014-05-01 10:58:51 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2014-05-19 12:20:12 +0200 |
commit | 25aacde2983eb12537bf0723ec3031d3776012d8 (patch) | |
tree | 276a410ca70efacee8abf9c7ba7d774957bece36 /source3 | |
parent | c412f6286f52e55fc9964ba8a1c25713609d3ea1 (diff) | |
s3 : smbd : Protect all possible code paths from fsp->op == NULL.
In changes to come this will be possible for an INTERNAL_OPEN_ONLY.
The protection was already in place for some code paths, this
makes the coverage complete.
Bug 10564 - Lock order violation and file lost
https://bugzilla.samba.org/show_bug.cgi?id=10564
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/locking/brlock.c | 16 | ||||
-rw-r--r-- | source3/smbd/aio.c | 10 | ||||
-rw-r--r-- | source3/smbd/scavenger.c | 3 |
3 files changed, 27 insertions, 2 deletions
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index de665c8b34d..1a912c747cc 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -1526,12 +1526,18 @@ void brl_close_fnum(struct messaging_context *msg_ctx,
 bool brl_mark_disconnected(struct files_struct *fsp)
 {
 uint32_t tid = fsp->conn->cnum;
- uint64_t smblctx = fsp->op->global->open_persistent_id;
+ uint64_t smblctx;
 uint64_t fnum = fsp->fnum;
 unsigned int i;
 struct server_id self = messaging_server_id(fsp->conn->sconn->msg_ctx);
 struct byte_range_lock *br_lck = NULL;
 
+ if (fsp->op == NULL) {
+ return false;
+ }
+
+ smblctx = fsp->op->global->open_persistent_id;
+
 if (!fsp->op->global->durable) {
 return false;
 }
@@ -1586,12 +1592,18 @@ bool brl_mark_disconnected(struct files_struct *fsp)
 bool brl_reconnect_disconnected(struct files_struct *fsp)
 {
 uint32_t tid = fsp->conn->cnum;
- uint64_t smblctx = fsp->op->global->open_persistent_id;
+ uint64_t smblctx;
 uint64_t fnum = fsp->fnum;
 unsigned int i;
 struct server_id self = messaging_server_id(fsp->conn->sconn->msg_ctx);
 struct byte_range_lock *br_lck = NULL;
 
+ if (fsp->op == NULL) {
+ return false;
+ }
+
+ smblctx = fsp->op->global->open_persistent_id;
+
 if (!fsp->op->global->durable) {
 return false;
 }
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index 3d43b2cef6a..8a2a7cb3734 100644
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -688,6 +688,11 @@ NTSTATUS schedule_smb2_aio_read(connection_struct *conn,
 return NT_STATUS_RETRY;
 }
 
+ if (fsp->op == NULL) {
+ /* No AIO on internal opens. */
+ return NT_STATUS_RETRY;
+ }
+
 if ((!min_aio_read_size || (smb_maxcnt < min_aio_read_size))
 && !SMB_VFS_AIO_FORCE(fsp)) {
 /* Too small a read for aio request. */
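Review bot: The new `fsp->op == NULL` guard in brl_mark_disconnected carries no comment, so the `false` it returns cannot be told apart from the existing not-durable case directly below it. aio.c in this same commit annotates its guard; a line such as `/* An INTERNAL_OPEN_ONLY handle may have no fsp->op: nothing to mark. */` above the `if` would record why the pointer can be NULL. The identical guard in brl_reconnect_disconnected (next hunk) needs the same comment. The initialisers left above the check only read `fsp->conn` and `fsp->fnum`, so the ordering looks safe as far as this hunk shows; the function body continues outside it.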
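Review bot: The NULL check in schedule_smb2_aio_read is placed after at least one earlier early-return block, and the start of the function lies outside this hunk, so it cannot be confirmed from here that nothing above line 688 already dereferences `fsp->op`. If any earlier statement does, the guard has to move above it to prevent the crash it is meant to stop. The same placement question applies to schedule_aio_smb2_write in the following hunk. The comment `/* No AIO on internal opens. */` would also read better if it named the tested condition, e.g. `/* fsp->op is NULL on internal opens: no AIO. */`.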
@@ -839,6 +844,11 @@ NTSTATUS schedule_aio_smb2_write(connection_struct *conn,
 return NT_STATUS_RETRY;
 }
 
+ if (fsp->op == NULL) {
+ /* No AIO on internal opens. */
+ return NT_STATUS_RETRY;
+ }
+
 if ((!min_aio_write_size || (in_data.length < min_aio_write_size))
 && !SMB_VFS_AIO_FORCE(fsp)) {
 /* Too small a write for aio request. */
diff --git a/source3/smbd/scavenger.c b/source3/smbd/scavenger.c
index e6e28788065..122305e04bf 100644
--- a/source3/smbd/scavenger.c
+++ b/source3/smbd/scavenger.c
@@ -418,6 +418,9 @@ void scavenger_schedule_disconnected(struct files_struct *fsp)
 struct scavenger_message msg;
 DATA_BLOB msg_blob;
 
+ if (fsp->op == NULL) {
+ return;
+ }
 nttime_to_timeval(&disconnect_time, fsp->op->global->disconnect_time);
 timeout_usec = 1000 * fsp->op->global->durable_timeout_msec;
 until = timeval_add(&disconnect_time,
|
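Review bot: scavenger_schedule_disconnected now returns silently when `fsp->op` is NULL, and because the function is void the caller cannot tell that the handle was never scheduled. I would add a comment above the check, `/* No fsp->op (internal open): nothing to hand to the scavenger. */`, and a blank line after the closing brace so the guard does not run straight into `nttime_to_timeval(...)`. If a NULL `op` is only ever expected for internal opens, a low-level debug message in this branch would make an unexpected NULL diagnosable instead of silently skipping cleanup. The declarations above the hunk and the rest of the body are outside the visible lines.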