From 67231dcbb1c31dc128bcc773de67a86c0b795398 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Sep 2006 06:34:21 +0000 Subject: r18779: Not simo's fault, this is actually a bug I introduced a week ago, when I fixed the previous bug in this code. We need to remove fragments from the incoming fragment list, or else we leak (actually, we walk free()'ed data as we add/remove elements). Andrew Bartlett (This used to be commit 77473d2ef9a7673cebb56b398acf390fd51a08c8) --- source4/rpc_server/dcerpc_server.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index f74e522564..a78c424eaa 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -1056,7 +1056,10 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn) DLIST_ADD_END(dce_conn->incoming_fragmented_call_list, call, struct dcesrv_call_state *); return NT_STATUS_OK; - } + } + + /* This removes any fragments we may have had stashed away */ + DLIST_REMOVE(dce_conn->incoming_fragmented_call_list, call); switch (call->pkt.ptype) { case DCERPC_PKT_BIND: -- cgit