Fix a memleak in irpc_remove_name

First, even when length==0 tdb_fetch might return something. Second, for some
weird reason there might be less data than necessary for a single server id.
(This used to be commit 49b04ca7aadf264e500d83bc8d3cb5173a86184e)

1 files changed, 6 insertions, 0 deletions

diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c
index 19284461ee..e7b654894f 100644
--- a/source4/lib/messaging/messaging.c
+++ b/source4/lib/messaging/messaging.c
@@ -1085,8 +1085,14 @@ void irpc_remove_name(struct messaging_context *msg_ctx, const char *name)
 		return;
 	}
 	rec = tdb_fetch_bystring(t->tdb, name);
+	if (rec.dptr == NULL) {
+		tdb_unlock_bystring(t->tdb, name);
+		talloc_free(t);
+		return;
+	}
 	count = rec.dsize / sizeof(struct server_id);
 	if (count == 0) {
+		free(rec.dptr);
 		tdb_unlock_bystring(t->tdb, name);
 		talloc_free(t);
 		return;