authorAndrew Tridgell <tridge@samba.org>2003-12-14 03:51:48 +0000
committerAndrew Tridgell <tridge@samba.org>2003-12-14 03:51:48 +0000
commit089ae5e43543a4654dddd42d61eb84a8036c4780 (patch)
tree80805005ce6600152378113fd31a35e3e8563b45
parent8f6b3eb1a9c1e996330b0edfb312b2345e292819 (diff)
fixed some memory leaks in the rpc server code
(This used to be commit 20458556017f426ab57ca9a9d098cacecefbdcff)
-rw-r--r--source4/lib/talloc.c5
-rw-r--r--source4/rpc_server/dcerpc_server.c19
-rw-r--r--source4/rpc_server/dcerpc_tcp.c4
3 files changed, 16 insertions, 12 deletions
diff --git a/source4/lib/talloc.c b/source4/lib/talloc.c
index 25871feac1..59d4eac500 100644
--- a/source4/lib/talloc.c
+++ b/source4/lib/talloc.c
@@ -490,7 +490,9 @@ void talloc_free(TALLOC_CTX *ctx, void *ptr)
list */
if (ctx->list->ptr == ptr) {
ctx->total_alloc_size -= ctx->list->size;
+ tc = ctx->list;
ctx->list = ctx->list->next;
+ free(tc);
free(ptr);
return;
}
@@ -501,8 +503,11 @@ void talloc_free(TALLOC_CTX *ctx, void *ptr)
}
if (tc->next) {
+ struct talloc_chunk *tc2 = tc->next;
ctx->total_alloc_size -= tc->next->size;
tc->next = tc->next->next;
+ free(tc2);
+ free(ptr);
} else {
DEBUG(0,("Attempt to free non-allocated chunk in context '%s'\n",
ctx->name));
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 81715f038b..7fa7a7aa8b 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -513,16 +513,15 @@ static void dce_partial_advance(struct dcesrv_state *dce, uint32 offset)
DATA_BLOB blob;
if (dce->partial_input.length == offset) {
- talloc_free(dce->mem_ctx, dce->partial_input.data);
+ free(dce->partial_input.data);
dce->partial_input = data_blob(NULL, 0);
return;
}
blob = dce->partial_input;
- dce->partial_input = data_blob_talloc(dce->mem_ctx,
- blob.data + offset,
- blob.length - offset);
- talloc_free(dce->mem_ctx, blob.data);
+ dce->partial_input = data_blob(blob.data + offset,
+ blob.length - offset);
+ free(blob.data);
}
/*
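Review bot: dce_partial_advance computes `blob.length - offset` without checking that `offset` does not exceed the buffered length, so an oversized offset wraps the unsigned subtraction and data_blob() is asked to copy far beyond the buffer. The same commit changes the caller in dcesrv_input_process to pass `blob.length` instead of `ndr->offset` (the hunk at -567), and where that blob's length comes from is not visible here, so the function should defend itself. Widening the first test to `if (dce->partial_input.length <= offset) {` would drop the buffer instead of over-reading; a DEBUG line for the `<` case would keep a malformed fragment from passing silently. A short comment above the function saying that partial_input is now plain heap memory released with free(), no longer owned by dce->mem_ctx, would also help the next reader.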
@@ -567,7 +566,7 @@ NTSTATUS dcesrv_input_process(struct dcesrv_state *dce)
return status;
}
- dce_partial_advance(dce, ndr->offset);
+ dce_partial_advance(dce, blob.length);
/* see if this is a continued packet */
if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
@@ -651,14 +650,10 @@ NTSTATUS dcesrv_input_process(struct dcesrv_state *dce)
*/
NTSTATUS dcesrv_input(struct dcesrv_state *dce, const DATA_BLOB *data)
{
- struct ndr_pull *ndr;
- TALLOC_CTX *mem_ctx;
NTSTATUS status;
- struct dcesrv_call_state *call;
- dce->partial_input.data = talloc_realloc(dce->mem_ctx,
- dce->partial_input.data,
- dce->partial_input.length + data->length);
+ dce->partial_input.data = Realloc(dce->partial_input.data,
+ dce->partial_input.length + data->length);
if (!dce->partial_input.data) {
return NT_STATUS_NO_MEMORY;
}
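Review bot: Assigning the Realloc() result straight back to `dce->partial_input.data` loses the only pointer to the old buffer on failure and leaves `partial_input.length` non-zero beside a NULL pointer. Whether the old buffer actually leaks depends on Realloc keeping the original allocation on failure, as realloc does; its definition is not on this page. A temporary avoids both problems: `void *p = Realloc(dce->partial_input.data, dce->partial_input.length + data->length);` then `if (!p) return NT_STATUS_NO_MEMORY;` and `dce->partial_input.data = p;`. The sum `dce->partial_input.length + data->length` is also unchecked, and the buffer grows on every call with data that arrives from the network, so an upper bound on buffered input and a wrap check belong in front of the allocation. dcesrv_input continues outside the hunk.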
diff --git a/source4/rpc_server/dcerpc_tcp.c b/source4/rpc_server/dcerpc_tcp.c
index ee026b3674..c9aeb400d0 100644
--- a/source4/rpc_server/dcerpc_tcp.c
+++ b/source4/rpc_server/dcerpc_tcp.c
@@ -100,10 +100,12 @@ static void dcerpc_read_handler(struct event_context *ev, struct fd_event *fde,
ret = read(fde->fd, blob.data, blob.length);
if (ret == 0 || (ret == -1 && errno != EINTR)) {
+ data_blob_free(&blob);
terminate_rpc_session(r, "eof on socket");
return;
}
if (ret == -1) {
+ data_blob_free(&blob);
return;
}
@@ -265,6 +267,8 @@ static void add_socket_rpc(struct event_context *events,
r, e->endpoint_ops);
}
}
+
+ free(r);
}
/****************************************************************************
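Review bot: The added `free(r)` at the end of add_socket_rpc is only safe if the call that receives `r, e->endpoint_ops` in the loop above copies what it needs from `r`. If that callee keeps the pointer, for instance in per-socket event state, every listener registered in the loop is left with a dangling pointer that is dereferenced on the next connection. The callee is outside this hunk, so this needs confirming against its definition. A comment next to the free, such as `/* r is only a template; each listener holds its own copy */`, would record the ownership rule. The function starts outside the hunk.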