From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 19 Jun 2008 07:59:57 +0000 (+1000)
Subject: Fix segfault caused by talloc_free() being called while still processing
X-Git-Tag: samba-4.0.0alpha5~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=33789111241a1d97fc105ec4edd7b8054895b28c;p=thirdparty%2Fsamba.git

Fix segfault caused by talloc_free() being called while still processing

The problem here was that with the packet code set to serialise, we
can have multiple packets 'processing' at once, and previously the
second packet (allowed because we are spining on an event context down
the stack) would clear the flag.

Andrew Bartlett
---

diff --git a/source/smbd/service_stream.c b/source/smbd/service_stream.c
index e27d87ec750..f27560f6ee4 100644
--- a/source/smbd/service_stream.c
+++ b/source/smbd/service_stream.c
@@ -85,13 +85,13 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char
 */
 static void stream_io_handler(struct stream_connection *conn, uint16_t flags)
 {
-	conn->processing = true;
+	conn->processing++;
 	if (flags & EVENT_FD_WRITE) {
 		conn->ops->send_handler(conn, flags);
 	} else if (flags & EVENT_FD_READ) {
 		conn->ops->recv_handler(conn, flags);
 	}
-	conn->processing = false;
+	conn->processing--;
 
 	if (conn->terminate) {
 		stream_terminate_connection(conn, conn->terminate);