Fix interesting bug found with make valgrindtest. When cancelling

a lock due to file closure make sure we null out the fsp pointer
so it isn't dangling. This is an old bug (not related to the new
changes).
Jeremy.
(This used to be commit b5ee972b0c04b4d119573d95ac458a3b6be30c5c)

diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index c56f635dde447eea3b2b09a8425473477a073a8b..41963166f7d119c60b7b70fc515c7715e16432d7 100644 (file)
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -303,19 +303,20 @@ static void generic_blocking_lock_error(blocking_lock_record *blr, NTSTATUS stat
                /* Store the last lock error. */
                files_struct *fsp = blr->fsp;
 
-               fsp->last_lock_failure.context.smbpid = blr->lock_pid;
-               fsp->last_lock_failure.context.tid = fsp->conn->cnum;
-               fsp->last_lock_failure.context.pid = procid_self();
-               fsp->last_lock_failure.start = blr->offset;
-               fsp->last_lock_failure.size = blr->count;
-               fsp->last_lock_failure.fnum = fsp->fnum;
-               fsp->last_lock_failure.lock_type = READ_LOCK; /* Don't care. */
-               fsp->last_lock_failure.lock_flav = blr->lock_flav;
+               if (fsp) {
+                       fsp->last_lock_failure.context.smbpid = blr->lock_pid;
+                       fsp->last_lock_failure.context.tid = fsp->conn->cnum;
+                       fsp->last_lock_failure.context.pid = procid_self();
+                       fsp->last_lock_failure.start = blr->offset;
+                       fsp->last_lock_failure.size = blr->count;
+                       fsp->last_lock_failure.fnum = fsp->fnum;
+                       fsp->last_lock_failure.lock_type = READ_LOCK; /* Don't care. */
+                       fsp->last_lock_failure.lock_flav = blr->lock_flav;
+               }
        }
 
        ERROR_NT(status);
-       if (!srv_send_smb(smbd_server_fd(),outbuf,
-                       IS_CONN_ENCRYPTED(blr->fsp->conn))) {
+       if (!srv_send_smb(smbd_server_fd(),outbuf, blr->encrypted)) {
                exit_server_cleanly("generic_blocking_lock_error: srv_send_smb failed.");
        }
 }
@@ -605,6 +606,9 @@ file %s fnum = %d\n", blr->com_type, fsp->fsp_name, fsp->fnum ));
                                        locktype,
                                        NT_STATUS_RANGE_NOT_LOCKED);
                        }
+                       /* We're closing the file fsp here, so ensure
+                        * we don't have a dangling pointer. */
+                       blr->fsp = NULL;
                }
        }
 }