s3 : smbd : Protect all possible code paths from fsp->op == NULL.

In changes to come this will be possible for an INTERNAL_OPEN_ONLY.
The protection was already in place for some code paths, this
makes the coverage compete.

Bug 10564 - Lock order violation and file lost

https://bugzilla.samba.org/show_bug.cgi?id=10564

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

2 files changed, 13 insertions, 0 deletions

diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index eec29f664f..44d771ebf0 100644
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -688,6 +688,11 @@ NTSTATUS schedule_smb2_aio_read(connection_struct *conn,
 		return NT_STATUS_RETRY;
 	}
 
+	if (fsp->op == NULL) {
+		/* No AIO on internal opens. */
+		return NT_STATUS_RETRY;
+	}
+
 	if ((!min_aio_read_size || (smb_maxcnt < min_aio_read_size))
 	    && !SMB_VFS_AIO_FORCE(fsp)) {
 		/* Too small a read for aio request. */
@@ -839,6 +844,11 @@ NTSTATUS schedule_aio_smb2_write(connection_struct *conn,
 		return NT_STATUS_RETRY;
 	}
 
+	if (fsp->op == NULL) {
+		/* No AIO on internal opens. */
+		return NT_STATUS_RETRY;
+	}
+
 	if ((!min_aio_write_size || (in_data.length < min_aio_write_size))
 	    && !SMB_VFS_AIO_FORCE(fsp)) {
 		/* Too small a write for aio request. */
diff --git a/source3/smbd/scavenger.c b/source3/smbd/scavenger.c
index e6e2878806..122305e04b 100644
--- a/source3/smbd/scavenger.c
+++ b/source3/smbd/scavenger.c
@@ -418,6 +418,9 @@ void scavenger_schedule_disconnected(struct files_struct *fsp)
 	struct scavenger_message msg;
 	DATA_BLOB msg_blob;
 
+	if (fsp->op == NULL) {
+		return;
+	}
 	nttime_to_timeval(&disconnect_time, fsp->op->global->disconnect_time);
 	timeout_usec = 1000 * fsp->op->global->durable_timeout_msec;
 	until = timeval_add(&disconnect_time,