From 6358dcf90a8c69d0052d3fe52a1378588feafd30 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Thu, 28 Jun 2007 01:16:44 +0000
Subject: [PATCH] DEVEL15-windows-smb-race-20070627 avoid a race condition when the smb_fidp is closed and an active request is being performed on the referenced cm_scache_t. (cherry picked from commit 7ecca7a58a5cd64c78ee20c712dfe8f419992678)
---
 src/WINNT/afsd/smb3.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/WINNT/afsd/smb3.c b/src/WINNT/afsd/smb3.c
index 3207a9d01..e1887d3c3 100644
--- a/src/WINNT/afsd/smb3.c
+++ b/src/WINNT/afsd/smb3.c
@@ -6189,6 +6189,7 @@ long smb_ReceiveV3WriteX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp)
 cm_key_t key;
 LARGE_INTEGER LOffset;
 LARGE_INTEGER LLength;
+ cm_scache_t * scp;
 pid = ((smb_t *) inp)->pid;
 key = cm_GenerateKey(vcp->vcID, pid, fd);
@@ -6198,9 +6199,10 @@ long smb_ReceiveV3WriteX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp)
 LLength.HighPart = 0;
 LLength.LowPart = count;
- lock_ObtainMutex(&fidp->scp->mx);
- code = cm_LockCheckWrite(fidp->scp, LOffset, LLength, key);
- lock_ReleaseMutex(&fidp->scp->mx);
+ scp = fidp->scp;
+ lock_ObtainMutex(&scp->mx);
+ code = cm_LockCheckWrite(scp, LOffset, LLength, key);
+ lock_ReleaseMutex(&scp->mx);
 if (code) goto done;
@@ -6309,15 +6311,17 @@ long smb_ReceiveV3ReadX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp)
 key = cm_GenerateKey(vcp->vcID, pid, fd);
 {
 LARGE_INTEGER LOffset, LLength;
+ cm_scache_t *scp;
 LOffset.HighPart = offset.HighPart;
 LOffset.LowPart = offset.LowPart;
 LLength.HighPart = 0;
 LLength.LowPart = count;
- lock_ObtainMutex(&fidp->scp->mx);
- code = cm_LockCheckRead(fidp->scp, LOffset, LLength, key);
- lock_ReleaseMutex(&fidp->scp->mx);
+ scp = fidp->scp;
+ lock_ObtainMutex(&scp->mx);
+ code = cm_LockCheckRead(scp, LOffset, LLength, key);
+ lock_ReleaseMutex(&scp->mx);
 }
 if (code) {
--
2.39.5
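Review bot: Copying `fidp->scp` into the local `scp` in smb_ReceiveV3WriteX (and again in the smb_ReceiveV3ReadX hunk) does not by itself keep the cm_scache_t alive: as far as these hunks show, the pointer is read without `fidp->mx` held and without taking a reference, and it is not checked for NULL before `lock_ObtainMutex(&scp->mx)`. If a concurrent close clears `fidp->scp` and drops the last reference, the local copy can still be NULL or stale, so the window is narrowed rather than closed. I would read the pointer under the fid mutex, take a hold with cm_HoldSCache, and release it after the lock check, as sketched below for the write path; the read path needs the same treatment around cm_LockCheckRead. Both functions start and end outside the hunks, so confirm that `fidp->mx` is not already held at this point and that `done` is the right exit for a closed fid.

```c
/* … unchanged: LOffset / LLength setup … */
lock_ObtainMutex(&fidp->mx);
scp = fidp->scp;
if (scp)
    cm_HoldSCache(scp);          /* keep the scache alive across the check */
lock_ReleaseMutex(&fidp->mx);
if (!scp) {
    code = CM_ERROR_BADFD;       /* fid was closed underneath the request */
    goto done;
}
lock_ObtainMutex(&scp->mx);
code = cm_LockCheckWrite(scp, LOffset, LLength, key);
lock_ReleaseMutex(&scp->mx);
cm_ReleaseSCache(scp);
/* … unchanged: if (code) goto done; … */
```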