From 98c65b6d6b57c546239cedae0264fd1bd3374e92 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Mon, 30 Sep 2013 12:52:49 +0000
Subject: [PATCH] smbd: Fix crash bug in notify_deferred_opens

The "deferred" array only holds enough entries for non-stale pids. We should skip those as well when filling that array. This bug came in with 19b6671. No issue in master and 4.1, we don't have deferred entries anymore there.
---
 source3/smbd/close.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index e5b1fb7..4adcc61 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -204,10 +204,14 @@ static void notify_deferred_opens(struct smbd_server_connection *sconn,
 num_deferred = 0;
 for (i=0; idata->num_share_modes; i++) {
 struct share_mode_entry *e = &lck->data->share_modes[i];
- if (is_deferred_open_entry(e)) {
- deferred[num_deferred] = *e;
- num_deferred += 1;
+ if (!is_deferred_open_entry(e)) {
+ continue;
+ }
+ if (share_mode_stale_pid(lck->data, i)) {
+ continue;
 }
+ deferred[num_deferred] = *e;
+ num_deferred += 1;
 }
 
 /*
-- 
1.8.1.2
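Review bot: The store `deferred[num_deferred] = *e;` in the fill loop is still not bounded by the size the array was allocated with. It stays in bounds only while this loop's two skip conditions select the same entries as the counting pass, which is outside the hunk. The visible `num_deferred = 0;` reset suggests the allocated count is not kept anywhere, so a later change to either loop, or a `share_mode_stale_pid()` result that differs between the passes, would again write past the end of the heap array. Keeping the count from the first pass in its own variable (placeholder name `num_allocated`) and adding `if (num_deferred >= num_allocated) { break; }` before the store would turn that into a truncated list instead of memory corruption. Failing that, a comment above the loop such as `/* Must skip exactly the entries the counting loop skipped: "deferred" is sized from that count. */` would record the invariant. The body of notify_deferred_opens begins and ends outside this hunk, so the allocation itself is not visible here.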