svn commit: samba r20178 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_24/source/smbd

jra at samba.org jra at samba.org
Fri Dec 15 00:49:14 GMT 2006 

Author: jra
Date: 2006-12-15 00:49:12 +0000 (Fri, 15 Dec 2006)
New Revision: 20178

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20178

Log:
Ensure we allocate the intermediate trans structs
off conn->mem_ctx, not the null context so we can
safefy free everything on conn close. Should fix
possible memleak.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/smbd/conn.c
   branches/SAMBA_3_0/source/smbd/ipc.c
   branches/SAMBA_3_0/source/smbd/nttrans.c
   branches/SAMBA_3_0/source/smbd/trans2.c
   branches/SAMBA_3_0_24/source/smbd/conn.c
   branches/SAMBA_3_0_24/source/smbd/ipc.c
   branches/SAMBA_3_0_24/source/smbd/nttrans.c
   branches/SAMBA_3_0_24/source/smbd/trans2.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/conn.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/conn.c	2006-12-14 22:45:12 UTC (rev 20177)
+++ branches/SAMBA_3_0/source/smbd/conn.c	2006-12-15 00:49:12 UTC (rev 20178)
@@ -257,6 +257,7 @@
 {
  	vfs_handle_struct *handle = NULL, *thandle = NULL;
  	TALLOC_CTX *mem_ctx = NULL;
+	struct trans_state *state = NULL;
 
 	/* Free vfs_connection_struct */
 	handle = conn->vfs_handles;
@@ -268,6 +269,13 @@
 		handle = thandle;
 	}
 
+	/* Free any pending transactions stored on this conn. */
+	for (state = conn->pending_trans; state; state = state->next) {
+		/* state->setup is a talloc child of state. */
+		SAFE_FREE(state->param);
+		SAFE_FREE(state->data);
+	}
+
 	free_namearray(conn->veto_list);
 	free_namearray(conn->hide_list);
 	free_namearray(conn->veto_oplock_list);

Modified: branches/SAMBA_3_0/source/smbd/ipc.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/ipc.c	2006-12-14 22:45:12 UTC (rev 20177)
+++ branches/SAMBA_3_0/source/smbd/ipc.c	2006-12-15 00:49:12 UTC (rev 20178)
@@ -447,7 +447,7 @@
 		return ERROR_NT(result);
 	}
 
-	if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+	if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
 		DEBUG(0, ("talloc failed\n"));
 		END_PROFILE(SMBtrans);
 		return ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -458,6 +458,7 @@
 	state->mid = SVAL(inbuf, smb_mid);
 	state->vuid = SVAL(inbuf, smb_uid);
 	state->setup_count = CVAL(inbuf, smb_suwcnt);
+	state->setup = NULL;
 	state->total_param = SVAL(inbuf, smb_tpscnt);
 	state->param = NULL;
 	state->total_data = SVAL(inbuf, smb_tdscnt);

Modified: branches/SAMBA_3_0/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/nttrans.c	2006-12-14 22:45:12 UTC (rev 20177)
+++ branches/SAMBA_3_0/source/smbd/nttrans.c	2006-12-15 00:49:12 UTC (rev 20178)
@@ -2845,7 +2845,7 @@
 		return ERROR_NT(result);
 	}
 
-	if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+	if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
 		END_PROFILE(SMBnttrans);
 		return ERROR_DOS(ERRSRV,ERRaccess);
 	}
@@ -2862,6 +2862,7 @@
 
 	/* setup count is in *words* */
 	state->setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); 
+	state->setup = NULL;
 	state->call = function_code;
 
 	/* 

Modified: branches/SAMBA_3_0/source/smbd/trans2.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/trans2.c	2006-12-14 22:45:12 UTC (rev 20177)
+++ branches/SAMBA_3_0/source/smbd/trans2.c	2006-12-15 00:49:12 UTC (rev 20178)
@@ -5265,7 +5265,7 @@
 		return ERROR_DOS(ERRSRV,ERRaccess);
 	}
 
-	if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+	if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
 		DEBUG(0, ("talloc failed\n"));
 		END_PROFILE(SMBtrans2);
 		return ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -5276,6 +5276,7 @@
 	state->mid = SVAL(inbuf, smb_mid);
 	state->vuid = SVAL(inbuf, smb_uid);
 	state->setup_count = SVAL(inbuf, smb_suwcnt);
+	state->setup = NULL;
 	state->total_param = SVAL(inbuf, smb_tpscnt);
 	state->param = NULL;
 	state->total_data =  SVAL(inbuf, smb_tdscnt);

Modified: branches/SAMBA_3_0_24/source/smbd/conn.c
===================================================================
--- branches/SAMBA_3_0_24/source/smbd/conn.c	2006-12-14 22:45:12 UTC (rev 20177)
+++ branches/SAMBA_3_0_24/source/smbd/conn.c	2006-12-15 00:49:12 UTC (rev 20178)
@@ -257,6 +257,7 @@
 {
  	vfs_handle_struct *handle = NULL, *thandle = NULL;
  	TALLOC_CTX *mem_ctx = NULL;
+	struct trans_state *state = NULL;
 
 	/* Free vfs_connection_struct */
 	handle = conn->vfs_handles;
@@ -268,6 +269,13 @@
 		handle = thandle;
 	}
 
+	/* Free any pending transactions stored on this conn. */
+	for (state = conn->pending_trans; state; state = state->next) {
+		/* state->setup is a talloc child of state. */
+		SAFE_FREE(state->param);
+		SAFE_FREE(state->data);
+	}
+
 	free_namearray(conn->veto_list);
 	free_namearray(conn->hide_list);
 	free_namearray(conn->veto_oplock_list);

Modified: branches/SAMBA_3_0_24/source/smbd/ipc.c
===================================================================
--- branches/SAMBA_3_0_24/source/smbd/ipc.c	2006-12-14 22:45:12 UTC (rev 20177)
+++ branches/SAMBA_3_0_24/source/smbd/ipc.c	2006-12-15 00:49:12 UTC (rev 20178)
@@ -447,7 +447,7 @@
 		return ERROR_NT(result);
 	}
 
-	if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+	if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
 		DEBUG(0, ("talloc failed\n"));
 		END_PROFILE(SMBtrans);
 		return ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -458,6 +458,7 @@
 	state->mid = SVAL(inbuf, smb_mid);
 	state->vuid = SVAL(inbuf, smb_uid);
 	state->setup_count = CVAL(inbuf, smb_suwcnt);
+	state->setup = NULL;
 	state->total_param = SVAL(inbuf, smb_tpscnt);
 	state->param = NULL;
 	state->total_data = SVAL(inbuf, smb_tdscnt);

Modified: branches/SAMBA_3_0_24/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_0_24/source/smbd/nttrans.c	2006-12-14 22:45:12 UTC (rev 20177)
+++ branches/SAMBA_3_0_24/source/smbd/nttrans.c	2006-12-15 00:49:12 UTC (rev 20178)
@@ -2845,7 +2845,7 @@
 		return ERROR_NT(result);
 	}
 
-	if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+	if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
 		END_PROFILE(SMBnttrans);
 		return ERROR_DOS(ERRSRV,ERRaccess);
 	}
@@ -2862,6 +2862,7 @@
 
 	/* setup count is in *words* */
 	state->setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); 
+	state->setup = NULL;
 	state->call = function_code;
 
 	/* 

Modified: branches/SAMBA_3_0_24/source/smbd/trans2.c
===================================================================
--- branches/SAMBA_3_0_24/source/smbd/trans2.c	2006-12-14 22:45:12 UTC (rev 20177)
+++ branches/SAMBA_3_0_24/source/smbd/trans2.c	2006-12-15 00:49:12 UTC (rev 20178)
@@ -5265,7 +5265,7 @@
 		return ERROR_DOS(ERRSRV,ERRaccess);
 	}
 
-	if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
+	if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
 		DEBUG(0, ("talloc failed\n"));
 		END_PROFILE(SMBtrans2);
 		return ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -5276,6 +5276,7 @@
 	state->mid = SVAL(inbuf, smb_mid);
 	state->vuid = SVAL(inbuf, smb_uid);
 	state->setup_count = SVAL(inbuf, smb_suwcnt);
+	state->setup = NULL;
 	state->total_param = SVAL(inbuf, smb_tpscnt);
 	state->param = NULL;
 	state->total_data =  SVAL(inbuf, smb_tdscnt);

More information about the samba-cvs mailing list