[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Tue Jul 6 07:14:11 MDT 2010
The branch, master has been updated
via b4c3f72... s3: Fix a segfault in the RPC server
from 60a3cc8... s3: Fix another winbind crash
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b4c3f72d445a5659971b0080ab1eba88695d2a0d
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jul 6 15:07:05 2010 +0200
s3: Fix a segfault in the RPC server
After converting the rpc infratructure to talloc, read_from_internal_pipe freed
the outdata too early. If the last fragment was read in two pieces (as
rpcclient does it), all the outdata was freed during the read of the first
piece of the read of the last fragment. Later read&x calls, trying to read the
rest of the last fragment stepped into p->out_data.frag with non-zero offset
when this was already freed.
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_pipe_hnd.c | 17 +++++++++--------
1 files changed, 9 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index a77b9ea..e933992 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -858,15 +858,16 @@ static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data,
* current_pdu_sent. */
p->out_data.current_pdu_sent = 0;
prs_mem_free(&p->out_data.frag);
- }
- if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
- /*
- * We're completely finished with both outgoing and
- * incoming data streams. It's safe to free all temporary
- * data from this request.
- */
- free_pipe_context(p);
+ if (p->out_data.data_sent_length
+ >= prs_offset(&p->out_data.rdata)) {
+ /*
+ * We're completely finished with both outgoing and
+ * incoming data streams. It's safe to free all
+ * temporary data from this request.
+ */
+ free_pipe_context(p);
+ }
}
return data_returned;
--
Samba Shared Repository
More information about the samba-cvs
mailing list