From 1a6ed9eb40662a5e070b862cce87fe4fbe99309e Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Wed, 10 Feb 2021 12:04:29 +0100
Subject: [PATCH] fix possible segfault in php_smb_ops_close when called after php_smb_pool_cleanup (unclosed stream)

---
 smb_streams.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/smb_streams.c b/smb_streams.c
index 8448dd6..f70c490 100644
--- a/smb_streams.c
+++ b/smb_streams.c
@@ -145,8 +145,12 @@ static void php_smb_pool_drop(php_smbclient_state *state TSRMLS_DC)
 	for (pool = SMBCLIENT_G(pool_first); pool; pool = pool->next) {
 		if (pool->state == state) {
 			pool->nb--;
+			return;
 		}
 	}
+
+	/* Not found (after php_smb_pool_cleanup) so close it */
+	php_smbclient_state_free(state TSRMLS_CC);
 }
 
 void php_smb_pool_cleanup(TSRMLS_D) {
@@ -154,7 +158,9 @@ void php_smb_pool_cleanup(TSRMLS_D) {
 
 	pool = SMBCLIENT_G(pool_first);
 	while (pool) {
-		php_smbclient_state_free(pool->state TSRMLS_CC);
+		if (!pool->nb) { /* Keep it when still used */
+			php_smbclient_state_free(pool->state TSRMLS_CC);
+		}
 		pool = pool->next;
 		efree(pool);
 	}
@@ -169,6 +175,7 @@ static int php_smb_ops_close(php_stream *stream, int close_handle TSRMLS_DC)
 	if (!self) {
 		return EOF;
 	}
+
 	if (close_handle) {
 		if (self->handle) {
 			smbc_close = smbc_getFunctionClose(self->state->ctx);
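Review bot: The new fallback at the end of php_smb_pool_drop frees the state unconditionally whenever no pool entry matches, but after php_smb_pool_cleanup the pool entries (and with them the `nb` use count) are gone, so if one state can be held by more than one open stream — which the `nb` counter suggests — the first stream to close after shutdown frees it and the second closes on a dangling `self->state`, turning the reported segfault into a use-after-free/double free. The count would have to survive the pool, e.g. by living in php_smbclient_state itself, for the "not found" branch to know it is the last user; I would at least record the assumption: `/* No pool entry: php_smb_pool_cleanup already ran and left this state to its stream, which is assumed to be its only remaining user */`. This branch also relies on cleanup resetting `SMBCLIENT_G(pool_first)` to NULL before the loop walks it, which is outside this hunk and worth confirming.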
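Review bot: In the unchanged tail of this loop `pool = pool->next;` runs before `efree(pool);`, so as listed each iteration frees the successor node instead of the current one, the next iteration reads `pool->state` from freed memory, the first node is never freed, and the final step hands NULL to efree; unless the listing dropped a line, the walk should be `php_smbclient_pool *next = pool->next;` / `efree(pool);` / `pool = next;` (the `pool` declaration and whatever resets `SMBCLIENT_G(pool_first)` sit outside the hunk). The new `if (!pool->nb)` test also leaves states with a non-zero count reachable only through their open streams, so the comment should name who is expected to release them: `/* nb != 0: an open stream still holds this state; php_smb_pool_drop frees it when that stream closes */`.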