authorVolker Lendecke <vl@samba.org>2018-09-03 15:54:48 +0200
committerStefan Metzmacher <metze@samba.org>2018-09-05 13:31:41 +0200
commit91a5d382bc0baf66a4701901a7e2096071ce1219 (patch)
treec38211b9e8fe45c8fe4d1fc3a1ac772e88febcd7
parent8385a0c84bb71304584c3742a21998d2b07fa6c0 (diff)
smbd: Fix a memleak in async search ask sharemode
fetch_share_mode_unlocked_parser() takes a "struct fetch_share_mode_unlocked_state *" as "private_data". fetch_share_mode_send() used a talloc_zero'ed "struct share_mode_lock". This led to the parser putting a "struct share_mode_lock" on the NULL talloc_context where nobody really picked it up. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13602 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 0bd109b733fbce774feae2142d25f7e828b56bcb)
-rw-r--r--source3/locking/share_mode_lock.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c
index cee00458079..ec17bca98a6 100644
--- a/source3/locking/share_mode_lock.c
+++ b/source3/locking/share_mode_lock.c
@@ -673,7 +673,7 @@ static void fetch_share_mode_done(struct tevent_req *subreq);
struct fetch_share_mode_state {
struct file_id id;
TDB_DATA key;
- struct share_mode_lock *lck;
+ struct fetch_share_mode_unlocked_state parser_state;
enum dbwrap_req_state req_state;
};
@@ -721,17 +721,14 @@ struct tevent_req *fetch_share_mode_send(TALLOC_CTX *mem_ctx,
state->id = id;
state->key = locking_key(&state->id);
- state->lck = talloc_zero(state, struct share_mode_lock);
- if (tevent_req_nomem(state->lck, req)) {
- return tevent_req_post(req, ev);
- }
+ state->parser_state.mem_ctx = state;
subreq = dbwrap_parse_record_send(state,
ev,
lock_db,
state->key,
fetch_share_mode_unlocked_parser,
- state->lck,
+ &state->parser_state,
&state->req_state);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
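Review bot: The ownership set up by `state->parser_state.mem_ctx = state;` is not documented, and this missing contract is what the leak came from. A short comment above that line would help, for example `/* parser allocates the share_mode_lock under "state"; fetch_share_mode_recv() moves it to the caller */`. It is also worth stating that `&state->parser_state` is passed to an async subrequest and must therefore live as long as `state`, which holds here because it is embedded in the request state. The body of fetch_share_mode_send() starts and ends outside this hunk.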
@@ -775,12 +772,12 @@ NTSTATUS fetch_share_mode_recv(struct tevent_req *req,
return status;
}
- if (state->lck->data == NULL) {
+ if (state->parser_state.lck->data == NULL) {
tevent_req_received(req);
return NT_STATUS_NOT_FOUND;
}
- lck = talloc_move(mem_ctx, &state->lck);
+ lck = talloc_move(mem_ctx, &state->parser_state.lck);
if (DEBUGLEVEL >= 10) {
DBG_DEBUG("share_mode_data:\n");
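Review bot: `state->parser_state.lck->data` is dereferenced without first checking that `parser_state.lck` was ever set. Before this change `state->lck` was allocated in fetch_share_mode_send() and could not be NULL here; now the pointer is only filled in by fetch_share_mode_unlocked_parser(), which is not visible in this diff. If the parser can return without assigning it (presumably on allocation failure or an unparsable record), this path becomes a NULL dereference in smbd. A guard such as `if (state->parser_state.lck == NULL || state->parser_state.lck->data == NULL) {` would close that. Consider returning NT_STATUS_NO_MEMORY rather than NT_STATUS_NOT_FOUND for the NULL case if the parser distinguishes it. The body of fetch_share_mode_recv() starts and ends outside this hunk.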