summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-02-29 06:55:33 -0800
committerJeremy Allison <jra@samba.org>2008-02-29 06:55:33 -0800
commit6a7b6a1961b2bb74e25b4134422089f16a32cc9e (patch)
tree75135d554007d96c6f3edd97e2d11a2be3cda685
parent6346ab79a61be7325fdf3f16ac7f002f8128050c (diff)
downloadsamba-6a7b6a1961b2bb74e25b4134422089f16a32cc9e.tar.gz
samba-6a7b6a1961b2bb74e25b4134422089f16a32cc9e.tar.bz2
samba-6a7b6a1961b2bb74e25b4134422089f16a32cc9e.zip
Patch to fix the "Invalid read of size 4" errors. Bug #3617.
Jeremy. (This used to be commit fa12667ec284fdda45b79cbf6bf548ab0faae34f)
-rw-r--r--source3/nmbd/nmbd_responserecordsdb.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/source3/nmbd/nmbd_responserecordsdb.c b/source3/nmbd/nmbd_responserecordsdb.c
index 6498ce04cf..b042fb41ed 100644
--- a/source3/nmbd/nmbd_responserecordsdb.c
+++ b/source3/nmbd/nmbd_responserecordsdb.c
@@ -46,6 +46,24 @@ static void add_response_record(struct subnet_record *subrec,
void remove_response_record(struct subnet_record *subrec,
struct response_record *rrec)
{
+ /* It is possible this can be called twice,
+ with a rrec pointer that has been freed. So
+ before we inderect into rrec, search for it
+ on the responselist first. Bug #3617. JRA. */
+
+ struct response_record *p = NULL;
+
+ for (p = subrec->responselist; p; p = p->next) {
+ if (p == rrec) {
+ break;
+ }
+ }
+
+ if (p == NULL) {
+ /* We didn't find rrec on the list. */
+ return;
+ }
+
DLIST_REMOVE(subrec->responselist, rrec);
if(rrec->userdata) {