From b33bde7b39953e171f05cdb53b6345ee3a9ec6e7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 15 Dec 2006 00:49:12 +0000 Subject: [PATCH] r20178: Ensure we allocate the intermediate trans structs off conn->mem_ctx, not the null context so we can safefy free everything on conn close. Should fix possible memleak. Jeremy. --- source/smbd/conn.c | 8 ++++++++ source/smbd/ipc.c | 3 ++- source/smbd/nttrans.c | 3 ++- source/smbd/trans2.c | 3 ++- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/source/smbd/conn.c b/source/smbd/conn.c index 19ed49e7bf4..083e8339c80 100644 --- a/source/smbd/conn.c +++ b/source/smbd/conn.c @@ -257,6 +257,7 @@ void conn_free_internal(connection_struct *conn) { vfs_handle_struct *handle = NULL, *thandle = NULL; TALLOC_CTX *mem_ctx = NULL; + struct trans_state *state = NULL; /* Free vfs_connection_struct */ handle = conn->vfs_handles; @@ -268,6 +269,13 @@ void conn_free_internal(connection_struct *conn) handle = thandle; } + /* Free any pending transactions stored on this conn. */ + for (state = conn->pending_trans; state; state = state->next) { + /* state->setup is a talloc child of state. */ + SAFE_FREE(state->param); + SAFE_FREE(state->data); + } + free_namearray(conn->veto_list); free_namearray(conn->hide_list); free_namearray(conn->veto_oplock_list); diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index 08381524c0d..9d347a430be 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -447,7 +447,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, return ERROR_NT(result); } - if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) { + if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) { DEBUG(0, ("talloc failed\n")); END_PROFILE(SMBtrans); return ERROR_NT(NT_STATUS_NO_MEMORY); 
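Review bot: The new loop in conn_free_internal() releases only state->param and state->data and leaves every trans_state linked on conn->pending_trans, so it is correct only if the structs themselves are reclaimed later with conn->mem_ctx, which happens outside this hunk. It also means any path that frees a trans_state early has to unlink it from conn->pending_trans first, otherwise this walk reads freed memory on connection close; the reply_* completion and error paths are not visible here and should be checked. I would extend the comment to `/* The structs themselves are released with conn->mem_ctx; only the SAFE_FREE'd buffers need handling here. */` and add `conn->pending_trans = NULL;` after the loop.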
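Review bot: Nothing at the changed TALLOC_P() call in reply_trans() says who now owns the state, and the same is true of the matching changes in reply_nttrans() and reply_trans2(). A one-line comment such as `/* Parented to conn->mem_ctx so an unfinished transaction is reclaimed on connection close. */` would keep a later edit from moving the allocation back to the null context. If conn->mem_ctx can be NULL at this point, the call silently falls back to the old unparented behaviour, so that is worth confirming. The function body continues outside the hunk.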
@@ -458,6 +458,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, state->mid = SVAL(inbuf, smb_mid); state->vuid = SVAL(inbuf, smb_uid); state->setup_count = CVAL(inbuf, smb_suwcnt); + state->setup = NULL; state->total_param = SVAL(inbuf, smb_tpscnt); state->param = NULL; state->total_data = SVAL(inbuf, smb_tdscnt); diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 3ade5b01c6b..0cee4216670 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -2845,7 +2845,7 @@ int reply_nttrans(connection_struct *conn, return ERROR_NT(result); } - if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) { + if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) { END_PROFILE(SMBnttrans); return ERROR_DOS(ERRSRV,ERRaccess); } @@ -2862,6 +2862,7 @@ int reply_nttrans(connection_struct *conn, /* setup count is in *words* */ state->setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); + state->setup = NULL; state->call = function_code; /* diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index f2f0150f6f8..2f4bcb414fd 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -5265,7 +5265,7 @@ int reply_trans2(connection_struct *conn, char *inbuf,char *outbuf, return ERROR_DOS(ERRSRV,ERRaccess); } - if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) { + if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) { DEBUG(0, ("talloc failed\n")); END_PROFILE(SMBtrans2); return ERROR_NT(NT_STATUS_NO_MEMORY); @@ -5276,6 +5276,7 @@ int reply_trans2(connection_struct *conn, char *inbuf,char *outbuf, state->mid = SVAL(inbuf, smb_mid); state->vuid = SVAL(inbuf, smb_uid); state->setup_count = SVAL(inbuf, smb_suwcnt); + state->setup = NULL; state->total_param = SVAL(inbuf, smb_tpscnt); state->param = NULL; state->total_data = SVAL(inbuf, smb_tdscnt); -- 2.34.1
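Review bot: Initialising the fields one at a time after TALLOC_P(), as the added `state->setup = NULL;` does here and in the reply_nttrans() and reply_trans2() hunks, is fragile now that conn_free_internal() follows state->next and frees state->param and state->data on close. TALLOC_P() does not zero the struct, so any pointer field left unset becomes a stray free or a wild list walk at connection teardown. Allocating with `TALLOC_ZERO_P(conn->mem_ctx, struct trans_state)` would cover every field at once. The rest of the initialisation lies outside the hunk, so whether state->data and the list links are set before the struct is queued should be confirmed.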
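Review bot: The allocation-failure branch around the changed TALLOC_P() line in reply_nttrans() returns `ERROR_DOS(ERRSRV,ERRaccess)` and logs nothing, while the same branch in reply_trans() and reply_trans2() logs `talloc failed` and returns `ERROR_NT(NT_STATUS_NO_MEMORY)`. Reporting memory exhaustion as an access error hides the condition from the client and from anyone reading the server log. I would make it match the other two: `DEBUG(0, ("talloc failed\n"));` followed by `return ERROR_NT(NT_STATUS_NO_MEMORY);`.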