double free in close_internal_rpc_pipe_hnd
Gerald (Jerry) Carter
jerry at samba.org
Mon Feb 20 16:51:07 GMT 2006
James Peach wrote:
> Hi Jerry,
>
> FYI, I just came across a crash in top-of-tree. The corresponding
> talloc_free in src_pipe_hnd.c was introduced in r13316 ...
r13316 was the sync from trunk. I'll look but I doubt that the
bug is present in SAMBA_3_0_RELEASE.
> Index: SAMBA_3_0/source/rpc_server/srv_pipe.c
> ===================================================================
> --- SAMBA_3_0/source/rpc_server/srv_pipe.c (revision 13563)
> +++ SAMBA_3_0/source/rpc_server/srv_pipe.c (working copy)
> @@ -617,6 +617,7 @@
>
> /* Set up for non-authenticated user. */
> talloc_free(p->pipe_user.nt_user_token);
> + p->pipe_user.nt_user_token = NULL;
> p->pipe_user.ut.ngroups = 0;
> SAFE_FREE( p->pipe_user.ut.groups);
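Review bot: the talloc_free() followed by a separate NULL assignment on p->pipe_user.nt_user_token is open-coded, while the next pointer in the same block, p->pipe_user.ut.groups, is released through SAFE_FREE(). Folding the two lines into a single TALLOC_FREE(p->pipe_user.nt_user_token) would keep the free and the reset together, so a later edit cannot separate them. A one-line comment saying the token is freed again when the pipe is closed would also record why the reset is needed at this spot.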
Looks right to me. This is exactly why I use the
TALLOC_FREE() macro which resets the pointer to NULL after
calling talloc_free().
cheers, jerry
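
The pattern discussed in this thread, as an added example that is not part of the original message and is not Samba code: one path frees the token, the close path frees it again, and resetting the pointer turns the second free into a no-op. The pool allocator, `tok_free`, `TOK_FREE_AND_NULL`, `struct pipe_state` and `run` are hypothetical names; a static pool stands in for talloc so the stale free can be counted safely.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for this example; not Samba or talloc code.
 * A static pool replaces the heap so a stale pointer can be detected
 * safely instead of corrupting a real allocator. */
#define SLOTS 4
struct token { int num_sids; };
static struct token pool[SLOTS];
static int in_use[SLOTS];
static int double_frees;

static struct token *tok_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return &pool[i]; }
    return NULL;
}

/* NULL is a no-op, as with free(); freeing a dead slot is counted. */
static void tok_free(struct token *t) {
    if (!t) return;
    ptrdiff_t i = t - pool;
    if (in_use[i]) in_use[i] = 0; else double_frees++;
}

/* Free and reset in one step, the pattern the reply describes. */
#define TOK_FREE_AND_NULL(p) do { tok_free(p); (p) = NULL; } while (0)

struct pipe_state { struct token *nt_user_token; };

/* Constructed flow: the anonymous-user setup frees the token, then the
 * pipe close path frees it again. Returns the double frees observed. */
static int run(int reset_pointer) {
    struct pipe_state p = { tok_alloc() };
    double_frees = 0;
    if (reset_pointer)
        TOK_FREE_AND_NULL(p.nt_user_token);  /* setup path, pointer reset */
    else
        tok_free(p.nt_user_token);           /* setup path, stale pointer kept */
    tok_free(p.nt_user_token);               /* close path */
    return double_frees;
}

int main(void) {
    printf("plain free:    %d double free(s)\n", run(0));
    printf("free and NULL: %d double free(s)\n", run(1));
    return 0;
}
```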