diff options
author | Andrew Tridgell <tridge@samba.org> | 2003-12-14 03:51:48 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2003-12-14 03:51:48 +0000 |
commit | 089ae5e43543a4654dddd42d61eb84a8036c4780 (patch) | |
tree | 80805005ce6600152378113fd31a35e3e8563b45 | |
parent | 8f6b3eb1a9c1e996330b0edfb312b2345e292819 (diff) | |
download | samba-089ae5e43543a4654dddd42d61eb84a8036c4780.tar.gz samba-089ae5e43543a4654dddd42d61eb84a8036c4780.tar.bz2 samba-089ae5e43543a4654dddd42d61eb84a8036c4780.zip |
fixed some memory leaks in the rpc server code
(This used to be commit 20458556017f426ab57ca9a9d098cacecefbdcff)
-rw-r--r-- | source4/lib/talloc.c | 5 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 19 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_tcp.c | 4 |
3 files changed, 16 insertions, 12 deletions
diff --git a/source4/lib/talloc.c b/source4/lib/talloc.c index 25871feac1..59d4eac500 100644 --- a/source4/lib/talloc.c +++ b/source4/lib/talloc.c @@ -490,7 +490,9 @@ void talloc_free(TALLOC_CTX *ctx, void *ptr) list */ if (ctx->list->ptr == ptr) { ctx->total_alloc_size -= ctx->list->size; + tc = ctx->list; ctx->list = ctx->list->next; + free(tc); free(ptr); return; } @@ -501,8 +503,11 @@ void talloc_free(TALLOC_CTX *ctx, void *ptr) } if (tc->next) { + struct talloc_chunk *tc2 = tc->next; ctx->total_alloc_size -= tc->next->size; tc->next = tc->next->next; + free(tc2); + free(ptr); } else { DEBUG(0,("Attempt to free non-allocated chunk in context '%s'\n", ctx->name)); diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 81715f038b..7fa7a7aa8b 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -513,16 +513,15 @@ static void dce_partial_advance(struct dcesrv_state *dce, uint32 offset) DATA_BLOB blob; if (dce->partial_input.length == offset) { - talloc_free(dce->mem_ctx, dce->partial_input.data); + free(dce->partial_input.data); dce->partial_input = data_blob(NULL, 0); return; } blob = dce->partial_input; - dce->partial_input = data_blob_talloc(dce->mem_ctx, - blob.data + offset, - blob.length - offset); - talloc_free(dce->mem_ctx, blob.data); + dce->partial_input = data_blob(blob.data + offset, + blob.length - offset); + free(blob.data); } /* @@ -567,7 +566,7 @@ NTSTATUS dcesrv_input_process(struct dcesrv_state *dce) return status; } - dce_partial_advance(dce, ndr->offset); + dce_partial_advance(dce, blob.length); /* see if this is a continued packet */ if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) { @@ -651,14 +650,10 @@ NTSTATUS dcesrv_input_process(struct dcesrv_state *dce) */ NTSTATUS dcesrv_input(struct dcesrv_state *dce, const DATA_BLOB *data) { - struct ndr_pull *ndr; - TALLOC_CTX *mem_ctx; NTSTATUS status; - struct dcesrv_call_state *call; - dce->partial_input.data = talloc_realloc(dce->mem_ctx, - dce->partial_input.data, - dce->partial_input.length + data->length); + dce->partial_input.data = Realloc(dce->partial_input.data, + dce->partial_input.length + data->length); if (!dce->partial_input.data) { return NT_STATUS_NO_MEMORY; } diff --git a/source4/rpc_server/dcerpc_tcp.c b/source4/rpc_server/dcerpc_tcp.c index ee026b3674..c9aeb400d0 100644 --- a/source4/rpc_server/dcerpc_tcp.c +++ b/source4/rpc_server/dcerpc_tcp.c @@ -100,10 +100,12 @@ static void dcerpc_read_handler(struct event_context *ev, struct fd_event *fde, ret = read(fde->fd, blob.data, blob.length); if (ret == 0 || (ret == -1 && errno != EINTR)) { + data_blob_free(&blob); terminate_rpc_session(r, "eof on socket"); return; } if (ret == -1) { + data_blob_free(&blob); return; } @@ -265,6 +267,8 @@ static void add_socket_rpc(struct event_context *events, r, e->endpoint_ops); } } + + free(r); } /**************************************************************************** |