Author: metze Date: 2005-11-10 09:12:36 +0000 (Thu, 10 Nov 2005) New Revision: 11635
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11635 Log: fix a handling of packet_send in the smb client lib this was cause of the PANIC on the build farm on metze01 as we use req->out.buffer from the old request in the smb_raw_ntcancel() and send a 0 TID, that causes our server code to crash (a fix for the server code will follow) metze Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/raw/clitransport.c =================================================================== --- branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2005-11-10 07:12:17 UTC (rev 11634) +++ branches/SAMBA_4_0/source/libcli/raw/clitransport.c 2005-11-10 09:12:36 UTC (rev 11635) @@ -559,7 +559,16 @@ return; } - /* put it on the socket queue */ + /* put it on the socket queue + * - as the buffer is a part of the smbcli_request struct + * we need to reference it here, because packet_queue_run() + * will call talloc_free() on it + */ + if (!talloc_reference(req, req->out.buffer)) { + req->state = SMBCLI_REQUEST_ERROR; + req->status = NT_STATUS_NO_MEMORY; + return; + } blob = data_blob_const(req->out.buffer, req->out.size); status = packet_send(req->transport->packet, blob); if (!NT_STATUS_IS_OK(status)) {
