s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_des...

This won't be needed typically needed as the caller is supposted to cancel
the requests already, but this makes sure we don't keep dangling pointers.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c
index a49e2461c2bec5333894f4873e59d9b838c2ea63..41625fce8580d5f8ce1c0e8070e31ad1e8e27662 100644 (file)
--- a/source3/smbd/smbXsrv_session.c
+++ b/source3/smbd/smbXsrv_session.c
@@ -1066,6 +1066,29 @@ NTSTATUS smb2srv_session_close_previous_recv(struct tevent_req *req)
 static int smbXsrv_session_destructor(struct smbXsrv_session *session)
 {
        NTSTATUS status;
+       struct smbXsrv_connection *xconn = NULL;
+
+       if (session->client != NULL) {
+               xconn = session->client->connections;
+       }
+
+       for (; xconn != NULL; xconn = xconn->next) {
+               struct smbd_smb2_request *preq;
+
+               for (preq = xconn->smb2.requests; preq != NULL; preq = preq->next) {
+                       if (preq->session != session) {
+                               continue;
+                       }
+
+                       preq->session = NULL;
+                       /*
+                        * If we no longer have a session we can't
+                        * sign or encrypt replies.
+                        */
+                       preq->do_signing = false;
+                       preq->do_encryption = false;
+               }
+       }
 
        status = smbXsrv_session_logoff(session);
        if (!NT_STATUS_IS_OK(status)) {