-rw-r--r--source3/smbd/conn.c8
-rw-r--r--source3/smbd/ipc.c3
-rw-r--r--source3/smbd/nttrans.c3
-rw-r--r--source3/smbd/trans2.c3
4 files changed, 14 insertions, 3 deletions
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 19ed49e7bf..083e8339c8 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -257,6 +257,7 @@ void conn_free_internal(connection_struct *conn)
{
vfs_handle_struct *handle = NULL, *thandle = NULL;
TALLOC_CTX *mem_ctx = NULL;
+ struct trans_state *state = NULL;
/* Free vfs_connection_struct */
handle = conn->vfs_handles;
@@ -268,6 +269,13 @@ void conn_free_internal(connection_struct *conn)
handle = thandle;
}
+ /* Free any pending transactions stored on this conn. */
+ for (state = conn->pending_trans; state; state = state->next) {
+ /* state->setup is a talloc child of state. */
+ SAFE_FREE(state->param);
+ SAFE_FREE(state->data);
+ }
+
free_namearray(conn->veto_list);
free_namearray(conn->hide_list);
free_namearray(conn->veto_oplock_list);
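Review bot: After the new loop in conn_free_internal, `conn->pending_trans` still points at the state structs, and nothing visible in this hunk releases them or clears the list head. Since the other files in this commit now allocate each state under `conn->mem_ctx`, they are presumably freed when that context is destroyed further down in this function, outside the hunk; that should be confirmed. Adding `conn->pending_trans = NULL;` after the loop keeps the head from dangling once the states are gone. The comment could also state the ownership split, e.g. `/* param/data are malloc'ed; the states themselves go away with conn->mem_ctx. */`.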
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 08381524c0..9d347a430b 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -447,7 +447,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf,
return ERROR_NT(result);
}
- if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+ if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
DEBUG(0, ("talloc failed\n"));
END_PROFILE(SMBtrans);
return ERROR_NT(NT_STATUS_NO_MEMORY);
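Review bot: `TALLOC_P` in reply_trans returns uninitialised memory, so every pointer in `struct trans_state` must be set by hand before the state can be linked onto `conn->pending_trans`, where conn_free_internal now calls SAFE_FREE on `param` and `data`. The commit patches one such field with `state->setup = NULL;`, but allocating with `TALLOC_ZERO_P(conn->mem_ctx, struct trans_state)` would cover all of them, including fields added later. The same applies to the allocations in reply_nttrans and reply_trans2. The counts stored next to these pointers are read straight from the client's packet, so an uninitialised pointer on an early-exit path is worth ruling out by construction; the function bodies continue outside the hunks, so whether such a path exists cannot be checked here.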
@@ -458,6 +458,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf,
state->mid = SVAL(inbuf, smb_mid);
state->vuid = SVAL(inbuf, smb_uid);
state->setup_count = CVAL(inbuf, smb_suwcnt);
+ state->setup = NULL;
state->total_param = SVAL(inbuf, smb_tpscnt);
state->param = NULL;
state->total_data = SVAL(inbuf, smb_tdscnt);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 3ade5b01c6..0cee421667 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2845,7 +2845,7 @@ int reply_nttrans(connection_struct *conn,
return ERROR_NT(result);
}
- if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+ if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
END_PROFILE(SMBnttrans);
return ERROR_DOS(ERRSRV,ERRaccess);
}
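Review bot: The allocation-failure branch in reply_nttrans returns `ERROR_DOS(ERRSRV,ERRaccess)` and logs nothing, while the same branch in reply_trans and reply_trans2 logs "talloc failed" and returns NT_STATUS_NO_MEMORY. Reporting memory exhaustion as an access error hides resource pressure from anyone reading the logs and gives the client a misleading status. Suggest adding `DEBUG(0, ("talloc failed\n"));` before END_PROFILE and changing the return to `return ERROR_NT(NT_STATUS_NO_MEMORY);` so the three handlers agree.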
@@ -2862,6 +2862,7 @@ int reply_nttrans(connection_struct *conn,
/* setup count is in *words* */
state->setup_count = 2*CVAL(inbuf,smb_nt_SetupCount);
+ state->setup = NULL;
state->call = function_code;
/*
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f2f0150f6f..2f4bcb414f 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5265,7 +5265,7 @@ int reply_trans2(connection_struct *conn, char *inbuf,char *outbuf,
return ERROR_DOS(ERRSRV,ERRaccess);
}
- if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+ if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
DEBUG(0, ("talloc failed\n"));
END_PROFILE(SMBtrans2);
return ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -5276,6 +5276,7 @@ int reply_trans2(connection_struct *conn, char *inbuf,char *outbuf,
state->mid = SVAL(inbuf, smb_mid);
state->vuid = SVAL(inbuf, smb_uid);
state->setup_count = SVAL(inbuf, smb_suwcnt);
+ state->setup = NULL;
state->total_param = SVAL(inbuf, smb_tpscnt);
state->param = NULL;
state->total_data = SVAL(inbuf, smb_tdscnt);