g_lock: fix cleanup of stale entries in g_lock_trylock()

g_lock_trylock() always incremented the counter 'i', even after cleaning a stale
entry at position 'i', which means it skipped checking for a conflict against
the new entry at position 'i'.

As result a process could get a write lock, while there're still
some read lock holders. Once we get into that problem, also more than
one write lock are possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Dec 20 20:31:48 CET 2017 on sn-devel-144
(similar to commit 576fb4fb5dc506bf55e5cf87973999dca444149b)

Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Fri Dec 22 22:11:00 CET 2017 on sn-devel-144

diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c
index f9549789bee7d35a59346d39a6f5ef7ef7d16f64..6a661cd567a5b6db2d62d8e539c2815921652fe1 100644 (file)
--- a/source3/lib/g_lock.c
+++ b/source3/lib/g_lock.c
@@ -133,7 +133,9 @@ static NTSTATUS g_lock_trylock(struct db_record *rec, struct server_id self,
                return NT_STATUS_INTERNAL_ERROR;
        }
 
-       for (i=0; i<num_locks; i++) {
+       i=0;
+
+       while (i < num_locks) {
                if (serverid_equal(&self, &locks[i].pid)) {
                        status = NT_STATUS_INTERNAL_ERROR;
                        goto done;
@@ -160,7 +162,9 @@ static NTSTATUS g_lock_trylock(struct db_record *rec, struct server_id self,
                        locks[i] = locks[num_locks-1];
                        num_locks -= 1;
                        modified = true;
+                       continue;
                }
+               i++;
        }
 
        tmp = talloc_realloc(talloc_tos(), locks, struct g_lock_rec,