diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-07-08 17:57:56 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-07-09 12:40:28 +0200 |
commit | facc110c79b9ec4e3b0509ad6b00e1fd464d3a33 (patch) | |
tree | 76b9b1fccccbf85e376d775dd08760279415e0fd /source3/libsmb/smb2cli_read.c | |
parent | 504d092aa7d83304373b001cbe68c65a62a824bb (diff) | |
download | samba-facc110c79b9ec4e3b0509ad6b00e1fd464d3a33.tar.gz samba-facc110c79b9ec4e3b0509ad6b00e1fd464d3a33.tar.bz2 samba-facc110c79b9ec4e3b0509ad6b00e1fd464d3a33.zip |
s3:smb2cli_base: fix memory hierachy in smb2cli_req_recv()
We need to use talloc_reference() if there're more than one
response, but we use it in a way that the caller can't
call talloc_free() or talloc_unlink() on it.
metze
Diffstat (limited to 'source3/libsmb/smb2cli_read.c')
-rw-r--r-- | source3/libsmb/smb2cli_read.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/source3/libsmb/smb2cli_read.c b/source3/libsmb/smb2cli_read.c index 79224e517a..c348c9937c 100644 --- a/source3/libsmb/smb2cli_read.c +++ b/source3/libsmb/smb2cli_read.c @@ -27,7 +27,7 @@ struct smb2cli_read_state { uint8_t fixed[48]; - uint8_t *inbuf; + struct iovec *recv_iov; uint8_t *data; uint32_t data_length; }; @@ -85,7 +85,7 @@ static void smb2cli_read_done(struct tevent_req *subreq) struct iovec *iov; uint8_t data_offset; - status = smb2cli_req_recv(subreq, talloc_tos(), &iov, 17); + status = smb2cli_req_recv(subreq, state, &iov, 17); if (tevent_req_nterror(req, status)) { return; } @@ -98,7 +98,8 @@ static void smb2cli_read_done(struct tevent_req *subreq) tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); return; } - state->inbuf = smb2cli_req_inbuf(subreq); + + state->recv_iov = iov; state->data = (uint8_t *)iov[2].iov_base; tevent_req_done(req); } @@ -114,7 +115,7 @@ NTSTATUS smb2cli_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, if (tevent_req_is_nterror(req, &status)) { return status; } - talloc_steal(mem_ctx, state->inbuf); + talloc_steal(mem_ctx, state->recv_iov); *data_length = state->data_length; *data = state->data; return NT_STATUS_OK; |