talloc()

[Andrew Tridgell]

We have a bit of a problem with memory allocation in Samba. It is best
shown by the following tcpdump capture that I just got:

18:51:46.249115 192.168.114.1.3697 > 192.168.114.255.netbios-ns:
>>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
TrnID=0x5F9D
OpCode=0
NmFlags=0x11
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=/USR/LOCAL/SAMB NameType=0x1C (Unknown)
QuestionType=0x20
QuestionClass=0x1

notice the name? That comes from our domain client code in
password.c. There is a call like this:

	if (!get_dc_list(lp_workgroup(), &ip_list, &count))
		return False;

the lp_workgroup() call grabs a static string from a ring buffer of 10
strings (see lp_string() in param/loadparm.c). This is done to prevent
all the mess of alloc/free calls every time we use a lp_*() string
function, but the technique is coming back to bite us. What happens in
this case is there are more than 10 lp_*() string calls deep inside
that get_dc_list() call and that results in the lp_workgroup() string
getting overwritten, so we end up sending the name query to the
lp_lockdir() string!

the real problem is the lack of a good temporary memory allocater/free
system in Samba. We can't use alloca() as it ain't portable enough.

before i build a new memory allocation (pool) system for Samba, can
someone point me at a good one? Note that I'm not interested in just a
malloc library, those are trivial to write and don't meet our needs
anyway. What we need is something that allows us to allocate temporary
memory and free it in one fell swoop in the main event loop. I can
probably write one in a day or so, but if there is a good one out
there then please point it out so I can save some time.

of course, the simple fix is ot up the number of static strings, but
for Samba 3.0 I'm trying to fix the really fundamental design flaws,
not exacerbate them :)

Cheers, Tridge