From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 3 Aug 2023 13:34:29 +0000 (+0200)
Subject: s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next()
X-Git-Tag: samba-4.17.11~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3d5e3add54184bc34d57866a7b566b64e54117c;p=thirdparty%2Fsamba.git

s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next()

Commit 5d66d5b84f87267243dcd5223210906ce589af91 introduced a
'verify_again:' target, if we ever hit that, we would leak
the existing filter_subreq.

Moving it just above a possible messaging_filtered_read_send()
will allow us to only clear it if we actually create a new
request. That will help us in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 50d61e5300250922bf36bb699306f82dff6a00b9)
---

diff --git a/source3/smbd/smbXsrv_client.c b/source3/smbd/smbXsrv_client.c
index f57bc724910..4d3fe30f812 100644
--- a/source3/smbd/smbXsrv_client.c
+++ b/source3/smbd/smbXsrv_client.c
@@ -554,7 +554,6 @@ static void smb2srv_client_mc_negprot_next(struct tevent_req *req)
 	uint32_t seqnum = 0;
 	struct server_id last_server_id = { .pid = 0, };
 
-	TALLOC_FREE(state->filter_subreq);
 	SMB_ASSERT(state->db_rec == NULL);
 	state->db_rec = smbXsrv_client_global_fetch_locked(table->global.db_ctx,
 							   &client_guid,
@@ -635,6 +634,7 @@ verify_again:
 	SMB_ASSERT(last_server_id.pid == 0);
 	last_server_id = global->server_id;
 
+	TALLOC_FREE(state->filter_subreq);
 	if (procid_is_local(&global->server_id)) {
 		subreq = messaging_filtered_read_send(state,
 						      state->ev,