s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_des...

This won't be needed typically needed as the caller is supposted to cancel
the requests already, but this makes sure we don't keep dangling pointers.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(similar to commit 7fea42110596e8e9da0155d726aaa72223107fbd)

diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c
index 017880ca283c2321cde124523e36850801d44268..5391fc600183cb0b9fe4d9210b87fc37cdd1db12 100644 (file)
--- a/source3/smbd/smbXsrv_session.c
+++ b/source3/smbd/smbXsrv_session.c
@@ -1062,6 +1062,25 @@ NTSTATUS smb2srv_session_close_previous_recv(struct tevent_req *req)
 static int smbXsrv_session_destructor(struct smbXsrv_session *session)
 {
        NTSTATUS status;
+       struct smbd_smb2_request *preq = NULL;
+
+       if (session->connection != NULL) {
+               preq = session->connection->sconn->smb2.requests;
+       }
+
+       for (; preq != NULL; preq = preq->next) {
+               if (preq->session != session) {
+                       continue;
+               }
+
+               preq->session = NULL;
+               /*
+                * If we no longer have a session we can't
+                * sign or encrypt replies.
+                */
+               preq->do_signing = false;
+               preq->do_encryption = false;
+       }
 
        status = smbXsrv_session_logoff(session);
        if (!NT_STATUS_IS_OK(status)) {