Changeset 338 for branches/samba-3.3.x/source/smbd/process.c

Timestamp:

Oct 8, 2009, 8:10:05 AM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update 3.3. to 3.3.8 (security update)

File:

• branches/samba-3.3.x/source/smbd/process.c (modified) (8 diffs)

branches/samba-3.3.x/source/smbd/process.c

@@ -439 +439 @@
         msg->end_time = end_time;
         msg->encrypted = req->encrypted;
+        msg->processed = false;
 
         if (private_data) {
@@ -494 +495 @@
                         (unsigned int)msg_mid ));
                 if (mid == msg_mid) {
+
+                        if (pml->processed) {
+                                /* A processed message should not be
+                                 * rescheduled. */
+                                DEBUG(0,("schedule_deferred_open_smb_message: LOGIC ERROR "
+                                        "message mid %u was already processed\n",
+                                        (unsigned int)msg_mid ));
+                                continue;
+                        }
+
                         DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
                                 mid ));
@@ -508 +519 @@
 
 /****************************************************************************
- Return true if this mid is on the deferred queue.
+ Return true if this mid is on the deferred queue and was not yet processed.
 ****************************************************************************/
 
@@ -516 +527 @@
 
         for (pml = deferred_open_queue; pml; pml = pml->next) {
-                if (SVAL(pml->buf.data,smb_mid) == mid) {
+                if (SVAL(pml->buf.data,smb_mid) == mid && !pml->processed) {
                         return True;
                 }
@@ -785 +796 @@
                            know this is a retry. */
                         DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
+
+                        /* Mark the message as processed so this is not
+                         * re-processed in error. */
+                        msg->processed = true;
                         return NT_STATUS_OK;
                 }
@@ -1429 +1444 @@
                 if (!change_to_user(conn,session_tag)) {
                         reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
-                        remove_deferred_open_smb_message(req->mid);
                         return conn;
                 }
@@ -1494 +1508 @@
 static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
 {
+        struct pending_message_list *pml = NULL;
         uint8 type = CVAL(inbuf,smb_com);
         connection_struct *conn;
@@ -1508 +1523 @@
 
         conn = switch_message(type, req, size);
+
+        /* If this was a deferred message and it's still there and
+         * was processed, remove it. */
+        pml = get_open_deferred_message(req->mid);
+        if (pml && pml->processed) {
+                remove_deferred_open_smb_message(req->mid);
+        }
 
         if (req->unread_bytes) {