From 1778debff146423e3543d40c2fe8413a34888a27 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 30 Aug 1998 04:27:26 +0000 Subject: added some defensive programming to nmbd. This mostly means zeroing areas of memory before freeing them. While doing this I also found a couple of real bugs. In two places we were freeing some memory that came from the stack, which leads to a certain core dump on many sytems. (This used to be commit c5e5c25c854e54f59291057ba47c4701b5910ebe) --- source3/nmbd/nmbd_responserecordsdb.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'source3/nmbd/nmbd_responserecordsdb.c') diff --git a/source3/nmbd/nmbd_responserecordsdb.c b/source3/nmbd/nmbd_responserecordsdb.c index 6dae0d43e9..21defa970c 100644 --- a/source3/nmbd/nmbd_responserecordsdb.c +++ b/source3/nmbd/nmbd_responserecordsdb.c @@ -80,16 +80,19 @@ void remove_response_record(struct subnet_record *subrec, if(rrec->userdata) { - if(rrec->userdata->free_fn) - (*rrec->userdata->free_fn)(rrec->userdata); - else - free((char *)rrec->userdata); + if(rrec->userdata->free_fn) { + (*rrec->userdata->free_fn)(rrec->userdata); + } else { + ZERO_STRUCTP(rrec->userdata); + free((char *)rrec->userdata); + } } /* Ensure we can delete. */ rrec->packet->locked = False; free_packet(rrec->packet); + ZERO_STRUCTP(rrec); free((char *)rrec); num_response_packets--; /* count of total number of packets still around */ @@ -135,6 +138,7 @@ struct response_record *make_response_record( struct subnet_record *subrec, if((rrec->userdata = (*userdata->copy_fn)(userdata)) == NULL) { DEBUG(0,("make_response_queue_record: copy fail for userdata.\n")); + ZERO_STRUCTP(rrec); free(rrec); return NULL; } @@ -146,6 +150,7 @@ struct response_record *make_response_record( struct subnet_record *subrec, malloc(sizeof(struct userdata_struct)+userdata->userdata_len)) == NULL) { DEBUG(0,("make_response_queue_record: malloc fail for userdata.\n")); + ZERO_STRUCTP(rrec); free(rrec); return NULL; } -- cgit