Luke Kenneth Casson Leighton lkcl at samba.org
Tue Jan 4 08:34:11 GMT 2000

andrew, it would be _extremely_ good if you could write one of these.  the
problem with memory allocation in dce/rpc is this:

make a function call requesting an info level.
[marshall request... ship it... unmarshall]
function call locally mallocs memory to service the request.
[marshall response... ship it (large) ... unmarshall].
the unmarshall at the receiving end locally mallocs memory to
provide the request.

how do you free these bits of memory?

NT has NetApiBufferFree(); on a per-pipe basis this is implemented to free
up local memory.

remote malloc'd memory is easier to deal with, however local malloc'd
memory is a different matter.  the unmarshalling code at the receiving end is
responsible for doing the mallocs, so the caller has _no_ idea how to
properly handle frees.

if you can create a talloc(MEMORY_STORE *store, size_t size), and provide
MEMORY_STORE *init_talloc() and free_talloc(MEMORY_STORE *store) as
base-level functions, then i can use it to trash locally-malloced memory
on a per-function-call basis, without having to worry about memory leaks
and per-msrpc-function-call specific freeing routines.



On Tue, 4 Jan 2000, Andrew Tridgell wrote:

> We have a bit of a problem with memory allocation in Samba. It is best
> shown by the following tcpdump capture that I just got:
>
> 18:51:46.249115 >
> TrnID=0x5F9D
> OpCode=0
> NmFlags=0x11
> Rcode=0
> QueryCount=1
> AnswerCount=0
> AuthorityCount=0
> AddressRecCount=0
> QuestionRecords:
> Name=/USR/LOCAL/SAMB NameType=0x1C (Unknown)
> QuestionType=0x20
> QuestionClass=0x1
>
> notice the name? That comes from our domain client code in
> password.c. There is a call like this:
>
> 	if (!get_dc_list(lp_workgroup(), &ip_list, &count))
> 		return False;
>
> the lp_workgroup() call grabs a static string from a ring buffer of 10
> strings (see lp_string() in param/loadparm.c). This is done to prevent
> all the mess of alloc/free calls every time we use a lp_*() string
> function, but the technique is coming back to bite us. What happens in
> this case is there are more than 10 lp_*() string calls deep inside
> that get_dc_list() call and that results in the lp_workgroup() string
> getting overwritten, so we end up sending the name query to the
> lp_lockdir() string!
>
> the real problem is the lack of a good temporary memory allocator/free
> system in Samba. We can't use alloca() as it ain't portable enough.
>
> before i build a new memory allocation (pool) system for Samba, can
> someone point me at a good one? Note that I'm not interested in just a
> malloc library, those are trivial to write and don't meet our needs
> anyway. What we need is something that allows us to allocate temporary
> memory and free it in one fell swoop in the main event loop. I can
> probably write one in a day or so, but if there is a good one out
> there then please point it out so I can save some time.
>
> of course, the simple fix is to up the number of static strings, but
> for Samba 3.0 I'm trying to fix the really fundamental design flaws,
> not exacerbate them :)
>
> Cheers, Tridge
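The two problems in this exchange, a ring of static strings that gets silently reused by deeper calls, and unmarshalling code that mallocs on the caller's behalf with no matching free discipline, are shown side by side below. This is an added example written for this page; it is not code from either mail, and it is not Samba's later talloc, whose real interface differs. The store interface follows the one proposed in the reply (talloc(), init_talloc(), free_talloc()); talloc_strdup, unmarshal_strings, the ring-buffer stand-in for lp_string(), the 10-slot size and the sample wire buffer are all constructed here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- 1. The problem: an lp_string()-style ring of static strings. ---- */
#define RING_SLOTS 10
#define RING_STRLEN 64
static char ring[RING_SLOTS][RING_STRLEN];
static int ring_next;

/* Copies s into the next static slot and returns it. After RING_SLOTS more
 * calls the slot is reused and a pointer handed out earlier changes meaning. */
static const char *lp_string(const char *s) {
    char *slot = ring[ring_next];
    ring_next = (ring_next + 1) % RING_SLOTS;
    snprintf(slot, RING_STRLEN, "%s", s);
    return slot;
}

/* 1 if the "workgroup" pointer still reads WORKGROUP after a deep call that
 * makes inner_calls further lp_string() calls, 0 if it was clobbered. */
int ring_buffer_survives(int inner_calls) {
    const char *wg = lp_string("WORKGROUP");
    for (int i = 0; i < inner_calls; i++)
        lp_string("/usr/local/samba/var/locks");  /* constructed lockdir value */
    return strcmp(wg, "WORKGROUP") == 0;
}

/* ---- 2. A minimal store with the interface proposed in the mail. ---- */
typedef union mem_chunk {
    union mem_chunk *next;   /* every allocation is linked into its store */
    long double align;       /* keeps the payload after the header aligned */
} mem_chunk;

typedef struct {
    mem_chunk *chunks;
    size_t count;            /* allocations outstanding, for inspection */
} MEMORY_STORE;

MEMORY_STORE *init_talloc(void) { return calloc(1, sizeof(MEMORY_STORE)); }

void *talloc(MEMORY_STORE *store, size_t size) {
    mem_chunk *c = malloc(sizeof(*c) + size);
    if (!c) return NULL;
    c->next = store->chunks;
    store->chunks = c;
    store->count++;
    return c + 1;            /* payload follows the header */
}

char *talloc_strdup(MEMORY_STORE *store, const char *s) {
    size_t n = strlen(s) + 1;
    char *p = talloc(store, n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Frees every allocation made from the store, then the store itself. */
void free_talloc(MEMORY_STORE *store) {
    while (store->chunks) {
        mem_chunk *c = store->chunks;
        store->chunks = c->next;
        free(c);
    }
    free(store);
}

/* Same scenario as ring_buffer_survives(), but each string is a private copy
 * owned by the store, so no number of deep calls can overwrite it. */
int pool_survives(int inner_calls) {
    MEMORY_STORE *store = init_talloc();
    char *wg = talloc_strdup(store, "WORKGROUP");
    for (int i = 0; i < inner_calls; i++)
        talloc_strdup(store, "/usr/local/samba/var/locks");
    int ok = wg && strcmp(wg, "WORKGROUP") == 0;
    free_talloc(store);      /* one call instead of inner_calls + 1 frees */
    return ok;
}

/* Unmarshalling stand-in: splits a NUL-separated wire buffer into an array of
 * strings that all belong to the caller's store. Returns the string count. */
size_t unmarshal_strings(MEMORY_STORE *store, const char *buf, size_t len,
                         char ***out) {
    size_t n = 0, k = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == '\0') n++;
    char **arr = talloc(store, n * sizeof(*arr));
    for (size_t i = 0; i < len && k < n; i += strlen(buf + i) + 1)
        arr[k++] = talloc_strdup(store, buf + i);
    *out = arr;
    return n;
}

/* Constructed three-string "response". Returns the count parsed, or -1. */
int unmarshal_demo(void) {
    static const char wire[] = "WORKGROUP\0/usr/local/samba\0lockdir";
    MEMORY_STORE *store = init_talloc();
    char **names;
    size_t n = unmarshal_strings(store, wire, sizeof(wire), &names);
    int ok = n == 3 && store->count == 4 && strcmp(names[2], "lockdir") == 0;
    free_talloc(store);      /* the caller never needs per-field free logic */
    return ok ? (int)n : -1;
}

int main(void) {
    printf("ring, 9 inner calls:  %s\n", ring_buffer_survives(9) ? "intact" : "clobbered");
    printf("ring, 10 inner calls: %s\n", ring_buffer_survives(10) ? "intact" : "clobbered");
    printf("store, 1000 calls:    %s\n", pool_survives(1000) ? "intact" : "clobbered");
    printf("unmarshalled %d strings, freed with one call\n", unmarshal_demo());
    return 0;
}
```

The ring variant fails exactly at the tenth nested call, which is the failure mode Tridge's capture shows; the store variant cannot fail that way because every caller owns a copy whose lifetime is the store's, and the caller of unmarshal_strings() needs no knowledge of how many pieces the unmarshaller allocated. A real implementation would also want a talloc_realloc() and a way to nest stores, but the one-call teardown is the property both mails are after.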

More information about the samba-technical mailing list