From: Andreas Schneider <asn@samba.org>
Date: Wed, 11 Apr 2012 12:15:54 +0000 (+0200)
Subject: s4-smb2: Fix a talloc crash bug.
X-Git-Tag: ldb-1.1.6~137
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dba2ed9ac1710aff2ecc3e9f9463b786e90cd9e3;p=thirdparty%2Fsamba.git

s4-smb2: Fix a talloc crash bug.

The talloc context needs to be initialzed or NULL. So move
talloc_steal() to the position where req is initialized.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Apr 11 15:59:39 CEST 2012 on sn-devel-104
---

diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index 3b54c977f24..19ab20b9413 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -164,8 +164,6 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 	uint32_t flags;
 	uint32_t last_hdr_offset;
 
-	talloc_steal(req, p_req);
-
 	last_hdr_offset = p_req->in.hdr - p_req->in.buffer;
 
 	chain_offset = p_req->chain_offset;
@@ -192,6 +190,8 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
 		return;
 	}
 
+	talloc_steal(req, p_req);
+
 	req->in.buffer		= talloc_steal(req, p_req->in.buffer);
 	req->in.size		= p_req->in.size;
 	req->request_time	= p_req->request_time;