From 91e645b6d73a6ad9593b5dcdb78937573d48d0d3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 31 Aug 2004 01:16:50 +0000 Subject: r2118: fixed the receipt of bigendian rpc packets with the new async code. The fix uses the new talloc_increase_ref_count() function in an interesting way. I suspect this sort of technique will become quite common. (This used to be commit a86e629a39baf0ba2a6bb347eb9b72551c1477ff) --- source4/librpc/rpc/dcerpc.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 61e5c1c8b2..ae56213919 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -694,7 +694,7 @@ static void dcerpc_request_recv_data(struct dcerpc_pipe *p, /* - perform a full request/response pair on a dcerpc pipe + perform the send size of a async dcerpc request */ struct rpc_request *dcerpc_request_send(struct dcerpc_pipe *p, uint16_t opnum, @@ -805,7 +805,7 @@ struct event_context *dcerpc_event_context(struct dcerpc_pipe *p) /* - perform a full request/response pair on a dcerpc pipe + perform the receive side of a async dcerpc request */ NTSTATUS dcerpc_request_recv(struct rpc_request *req, TALLOC_CTX *mem_ctx, @@ -1071,13 +1071,20 @@ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req) DATA_BLOB response; struct ndr_pull *pull; struct rpc_request_ndr ndr = req->ndr; - uint_t flags = req->flags; + uint_t flags; + + /* make sure the recv code doesn't free the request, as we + need to grab the flags element before it is freed */ + talloc_increase_ref_count(req); status = dcerpc_request_recv(req, ndr.mem_ctx, &response); if (!NT_STATUS_IS_OK(status)) { return status; } + flags = req->flags; + talloc_free(req); + /* prepare for ndr_pull_* */ pull = ndr_pull_init_blob(&response, ndr.mem_ctx); if (!pull) { -- cgit