From b925d197f5c1829f7bb8c18de2557c0ccc2d94a9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 2 Aug 2003 08:48:01 +0000
Subject: Ensure we don't leak any sign records on cancel of pending requests.
 Jeremy. (This used to be commit 9a8ffc239c0f1aada713de7e9e007066738d8874)

---
 source3/libsmb/smb_signing.c | 27 +++++++++++++++++++++++++++
 source3/smbd/notify.c        |  1 +
 source3/smbd/nttrans.c       |  1 +
 3 files changed, 29 insertions(+)

(limited to 'source3')

diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index c3fc3306fe..4167452953 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -809,11 +809,38 @@ void srv_defer_sign_response(uint16 mid)
 
 	data = (struct smb_basic_signing_context *)srv_sign_info.signing_context;
 
+	if (!data)
+		return;
+
 	store_sequence_for_reply(&data->outstanding_packet_list, 
 				 mid, data->send_seq_num);
 	data->send_seq_num++;
 }
 
+/***********************************************************
+ Called to remove sequence records when a deferred packet is
+ cancelled by mid. This should never find one....
+************************************************************/
+
+void srv_cancel_sign_response(uint16 mid)
+{
+	struct smb_basic_signing_context *data;
+	uint32 dummy_seq;
+
+	if (!srv_sign_info.doing_signing)
+		return;
+
+	data = (struct smb_basic_signing_context *)srv_sign_info.signing_context;
+
+	if (!data)
+		return;
+
+	DEBUG(10,("srv_cancel_sign_response: for mid %u\n", (unsigned int)mid ));
+
+	while (get_sequence_for_reply(&data->outstanding_packet_list, mid, &dummy_seq))
+		;
+}
+
 /***********************************************************
  Called by server negprot when signing has been negotiated.
 ************************************************************/
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index e7903719ad..9adf827c79 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -44,6 +44,7 @@ static struct change_notify *change_notify_list;
 /****************************************************************************
  Setup the common parts of the return packet and send it.
 *****************************************************************************/
+
 static void change_notify_reply_packet(char *inbuf, NTSTATUS error_code)
 {
 	char outbuf[smb_size+38];
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 1506877aff..3ffa6efa77 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1443,6 +1443,7 @@ int reply_ntcancel(connection_struct *conn,
 	START_PROFILE(SMBntcancel);
 	remove_pending_change_notify_requests_by_mid(mid);
 	remove_pending_lock_requests_by_mid(mid);
+	srv_cancel_sign_response(mid);
 	
 	DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", mid));
 
-- 
cgit