TODO cleanup incomplete_buffer librpc/rpc/binding_handle.c

diff --git a/librpc/rpc/binding_handle.c b/librpc/rpc/binding_handle.c
index 9f467a92511016807897114f511f19247b1d0f8b..60b93770a8b4f5f422a0de3e0bfd3aa8f58abb83 100644 (file)
--- a/librpc/rpc/binding_handle.c
+++ b/librpc/rpc/binding_handle.c
@@ -1140,6 +1140,9 @@ static void dcerpc_binding_handle_call_params_pull_notify(struct tevent_req *req
                struct dcerpc_binding_handle_call_params_state);
        enum ndr_err_code ndr_err;
        const uint32_t *count = NULL;
+       uint32_t saved_offset;
+       size_t saved_ndr_blocks;
+       size_t saved_mem_blocks;
 
        if (call_state->pull == NULL) {
                return;
@@ -1149,14 +1152,20 @@ static void dcerpc_binding_handle_call_params_pull_notify(struct tevent_req *req
                return;
        }
 
-       call_state->pull->current_mem_ctx = state->chunk_mem;
-
        /* pull the structure from the blob */
+       saved_offset = call_state->pull->offset;
+       saved_ndr_blocks = talloc_total_blocks(call_state->pull);
+       saved_mem_blocks = talloc_total_blocks(state->chunk_mem);
+
+       call_state->pull->current_mem_ctx = state->chunk_mem;
        ndr_err = call_state->call_pipe->ndr_pull(call_state->pull,
                                                  NDR_SCALARS|NDR_BUFFERS,
                                                  state->chunk_ptr);
        if (ndr_err == NDR_ERR_INCOMPLETE_BUFFER) {
-//TODO clean up??
+               SMB_ASSERT(saved_mem_blocks == 1);
+               SMB_ASSERT(saved_ndr_blocks == talloc_total_blocks(call_state->pull));
+               talloc_free_children(state->chunk_mem);
+               call_state->pull->offset = saved_offset;
                return;
        }
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {