Fix crash when rescheduling oplock open.

Jeremy.

diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 6a118c3947d8fdd592262ff6eb9461a74912ae71..3302730fbe07cc3bc797b6b07b1fd0f53c9fb2e7 100644 (file)
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -981,6 +981,15 @@ void schedule_deferred_open_message_smb2(uint64_t mid)
        /* Ensure we don't have any outstanding timer event. */
        TALLOC_FREE(state->te);
 
+       /*
+        * This is subtle. We must null out the callback
+        * before resheduling, else the first call to
+        * tevent_req_nterror() causes the _receive()
+        * function to be called, this causing tevent_req_post()
+        * to crash.
+        */
+       tevent_req_set_callback(smb2req->subreq, NULL, NULL);
+
        im = tevent_create_immediate(smb2req);
        if (!im) {
                smbd_server_connection_terminate(smb2req->sconn,