From 72ceb73ec8498f1cfb89f428891026bf6b6b366c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 2 May 2015 16:09:40 +0200 Subject: s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_destructor() This won't be needed typically needed as the caller is supposted to cancel the requests already, but this makes sure we don't keep dangling pointers. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 7fea42110596e8e9da0155d726aaa72223107fbd) --- source3/smbd/smbXsrv_session.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c index 7eca9682853..14457cf8095 100644 --- a/source3/smbd/smbXsrv_session.c +++ b/source3/smbd/smbXsrv_session.c @@ -1060,6 +1060,29 @@ NTSTATUS smb2srv_session_close_previous_recv(struct tevent_req *req) static int smbXsrv_session_destructor(struct smbXsrv_session *session) { NTSTATUS status; + struct smbXsrv_connection *xconn = NULL; + + if (session->client != NULL) { + xconn = session->client->connections; + } + + for (; xconn != NULL; xconn = xconn->next) { + struct smbd_smb2_request *preq; + + for (preq = xconn->smb2.requests; preq != NULL; preq = preq->next) { + if (preq->session != session) { + continue; + } + + preq->session = NULL; + /* + * If we no longer have a session we can't + * sign or encrypt replies. + */ + preq->do_signing = false; + preq->do_encryption = false; + } + } status = smbXsrv_session_logoff(session); if (!NT_STATUS_IS_OK(status)) { -- cgit v1.2.1