From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 2 May 2015 14:09:40 +0000 (+0200)
Subject: s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_des... 
X-Git-Tag: samba-4.1.19~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=21fd82d124e04ced57357b76cd290cc57264b8dd;p=thirdparty%2Fsamba.git

s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_destructor()

This won't be needed typically needed as the caller is supposted to cancel
the requests already, but this makes sure we don't keep dangling pointers.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(similar to commit 7fea42110596e8e9da0155d726aaa72223107fbd)
---

diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c
index 017880ca283..5391fc60018 100644
--- a/source3/smbd/smbXsrv_session.c
+++ b/source3/smbd/smbXsrv_session.c
@@ -1062,6 +1062,25 @@ NTSTATUS smb2srv_session_close_previous_recv(struct tevent_req *req)
 static int smbXsrv_session_destructor(struct smbXsrv_session *session)
 {
 	NTSTATUS status;
+	struct smbd_smb2_request *preq = NULL;
+
+	if (session->connection != NULL) {
+		preq = session->connection->sconn->smb2.requests;
+	}
+
+	for (; preq != NULL; preq = preq->next) {
+		if (preq->session != session) {
+			continue;
+		}
+
+		preq->session = NULL;
+		/*
+		 * If we no longer have a session we can't
+		 * sign or encrypt replies.
+		 */
+		preq->do_signing = false;
+		preq->do_encryption = false;
+	}
 
 	status = smbXsrv_session_logoff(session);
 	if (!NT_STATUS_IS_OK(status)) {