Fix crash bug on smbd shutdown when using FOPENDIR() found by Volker.

The key was allowing the dptr_idle code to be triggered. We were
closing the dirp->dir handle without updating the underlying fd
in the open fsp.

Jeremy.

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index b9791e9dab6d4a1ab45372b466d97f89f70c5de6..350c4e5b77dec5cd5e01cb9ccf209098d7565410 100644 (file)
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -575,7 +575,9 @@ void dptr_CloseDir(files_struct *fsp)
  * present. I hate Solaris. JRA.
  */
 #ifdef HAVE_DIRFD
-               if (fsp->fh->fd == dirfd(fsp->dptr->dir_hnd->dir)) {
+               if (fsp->fh->fd != -1 &&
+                               fsp->dptr->dir_hnd &&
+                               dirfd(fsp->dptr->dir_hnd->dir)) {
                        /* The call below closes the underlying fd. */
                        fsp->fh->fd = -1;
                }
@@ -1311,6 +1313,16 @@ bool is_visible_file(connection_struct *conn, const char *dir_path,
 static int smb_Dir_destructor(struct smb_Dir *dirp)
 {
        if (dirp->dir) {
+#ifdef HAVE_DIRFD
+               if (dirp->conn->sconn) {
+                       files_struct *fsp = file_find_fd(dirp->conn->sconn,
+                                               dirfd(dirp->dir));
+                       if (fsp) {
+                               /* The call below closes the underlying fd. */
+                               fsp->fh->fd = -1;
+                       }
+               }
+#endif
                SMB_VFS_CLOSEDIR(dirp->conn,dirp->dir);
        }
        if (dirp->conn->sconn) {