r13081: correct fix for the segv in nmbd caused by a double free on namerec.

(This used to be commit c908dbc4b260bac72cbc6d25f4728359a6ec8259)

2 files changed, 8 insertions, 8 deletions

diff --git a/source3/nmbd/nmbd_namelistdb.c b/source3/nmbd/nmbd_namelistdb.c
index baaf5dbd54..60023a7ed5 100644
--- a/source3/nmbd/nmbd_namelistdb.c
+++ b/source3/nmbd/nmbd_namelistdb.c
@@ -80,14 +80,13 @@ static void upcase_name( struct nmb_name *target, const struct nmb_name *source
 void remove_name_from_namelist(struct subnet_record *subrec, 
 				struct name_record *namerec )
 {
-	if (subrec == wins_server_subnet) {
+	if (subrec == wins_server_subnet) 
 		remove_name_from_wins_namelist(namerec);
-		return;
-	} 
-
-	subrec->namelist_changed = True;
+	else {
+		subrec->namelist_changed = True;
+		DLIST_REMOVE(subrec->namelist, namerec);
+	}
 
-	DLIST_REMOVE(subrec->namelist, namerec);
 	SAFE_FREE(namerec->data.ip);
 	ZERO_STRUCTP(namerec);
 	SAFE_FREE(namerec);
diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c
index 5c234bf8dc..9983efe5eb 100644
--- a/source3/nmbd/nmbd_winsserver.c
+++ b/source3/nmbd/nmbd_winsserver.c
@@ -290,8 +290,9 @@ BOOL remove_name_from_wins_namelist(struct name_record *namerec)
 
 	DLIST_REMOVE(wins_server_subnet->namelist, namerec);
 	SAFE_FREE(namerec->data.ip);
-	ZERO_STRUCTP(namerec);
-	SAFE_FREE(namerec);
+
+	/* namerec must be freed by the caller */
+
 	return (ret == 0) ? True : False;
 }