windows-smb-fidp-scp-race-
20090212
LICENSE MIT
FIXES 124293
As evident in a crash dump, there is a race surrounding access to the
scp field of the smb_fid_t object. Not all access was protected by
the smb_fid_t mx and the cm_scache_t object was not always being
reference counted within the accessing function.
This patch ensures that all initial references to the scp object
are performed under the smb_fid_t mx mutex and that the cm_scache_t
is prevented from being recycled by obtaining a local reference.
Finally, CM_ERROR_BADFD is returned as an error if a request begins
after the smb_fid_t scp field has already been cleared by a smb_CloseFID()
call as part of a concurrent request.