A problem in ndmp_packets.c

kawasa_r at itg.hitachi.co.jp kawasa_r at itg.hitachi.co.jp
Wed Dec 10 07:53:45 GMT 2003


We found a bug in ndmp_packets.c. In some cases, memory for response record is freed doubly when it is released.
So we post a fixed code.

[Problem]
The memory for response record is freed doubly when it is released.

[Cause]
In the loop of releasing response record, the pointer for next entry is stored to auto valuable.

[Measures]
Check the pointer for next entry is already released or not.

-----


diff -u samba-228a.org/source/nmbd/nmbd_packets.c  samba-228a/source/nmbd/nmbd_packets.c
============================================================================
--- samba-228a.org/source/nmbd/nmbd_packets.c	Thu Jul 17 11:41:40 2003
+++ samba-228a/source/nmbd/nmbd_packets.c	Tue May  6 12:26:11 2003
@@ -1637,10 +1637,22 @@
   for (subrec = FIRST_SUBNET; subrec;	
				subrec = get_next_subnet_maybe_unicast_or_wins_server(subrec))
   {
-	 struct response_record *rrec, *nextrrec;
+	 struct response_record *rrec, *nextrrec, *rrec2;
	
	 for (rrec = subrec->responselist; rrec; rrec = nextrrec)
	 {
+	   for(rrec2 = subrec->responselist ;
+		   rrec2 ;
+		   rrec2 = rrec2->next)
+	   {
+		 if(rrec2 == rrec) {
+		   break ;
+		 }
+	   }
+	   if(rrec2 == NULL) {
+		 rrec = subrec->responselist;
+	   }
+
	   nextrrec = rrec->next;
	
	   if (rrec->repeat_time <= t) 


============================================================================
【original:samba-228a.org/source/nmbd/nmbd_packets.c】

Revision 1.40.2.2.2.3 / (download) - annotate - [select for diffs] , 
Fri Mar 14 21:21:34 2003 UTC (4 months ago) by jerry 
Branch: SAMBA_2_2_RELEASE 
CVS Tags: release-2-2-8a, release-2-2-8 
============================================================================

Toru


More information about the samba-technical mailing list