Second part of the fix for bug #7020 - smbd using 2G memory.

There was a second leak in the processing of the out_data.frag
prs_struct. It needs freeing once the current pdu has been returned
asynchronously.

Jeremy.

diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 5d5eb0eeb1e6ad2255616b7a077cb0ad31524132..83f27fee8e5110b42d434231a2b17e833e817734 100644 (file)
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -903,6 +903,13 @@ static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data, size_
   out:
        (*is_data_outstanding) = prs_offset(&p->out_data.frag) > n;
 
+       if (p->out_data.current_pdu_sent == prs_offset(&p->out_data.frag)) {
+               /* We've returned everything in the out_data.frag
+                * so we're done with this pdu. Free it and reset
+                * current_pdu_sent. */
+               p->out_data.current_pdu_sent = 0;
+               prs_mem_free(&p->out_data.frag);
+       }
        return data_returned;
 }