From d817b435342956295f0a31b91203d1a63ae12063 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Mon, 19 May 2008 15:53:09 +0200
Subject: Fix a memleak in irpc_remove_name

First, even when length==0 tdb_fetch might return something. Second, for some
weird reason there might be less data than necessary for a single server id.
(This used to be commit 49b04ca7aadf264e500d83bc8d3cb5173a86184e)
---
 source4/lib/messaging/messaging.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'source4/lib')

diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c
index 19284461ee..e7b654894f 100644
--- a/source4/lib/messaging/messaging.c
+++ b/source4/lib/messaging/messaging.c
@@ -1085,8 +1085,14 @@ void irpc_remove_name(struct messaging_context *msg_ctx, const char *name)
 		return;
 	}
 	rec = tdb_fetch_bystring(t->tdb, name);
+	if (rec.dptr == NULL) {
+		tdb_unlock_bystring(t->tdb, name);
+		talloc_free(t);
+		return;
+	}
 	count = rec.dsize / sizeof(struct server_id);
 	if (count == 0) {
+		free(rec.dptr);
 		tdb_unlock_bystring(t->tdb, name);
 		talloc_free(t);
 		return;
-- 
cgit