double free in close_internal_rpc_pipe_hnd

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerald (Jerry) Carter wrote:

>>> Index: SAMBA_3_0/source/rpc_server/srv_pipe.c
>>> ===================================================================
>>> --- SAMBA_3_0/source/rpc_server/srv_pipe.c	(revision 13563)
>>> +++ SAMBA_3_0/source/rpc_server/srv_pipe.c	(working copy)
>>> @@ -617,6 +617,7 @@
>>>  
>>>  	/* Set up for non-authenticated user. */
>>>  	talloc_free(p->pipe_user.nt_user_token);
>>> +	p->pipe_user.nt_user_token = NULL;
>>>  	p->pipe_user.ut.ngroups = 0;
>>>  	SAFE_FREE( p->pipe_user.ut.groups);
> 
> Looks right to me.  This is exactly why I use the
> TALLOC_FREE() macro which resets the point to NULL after
> calling talloc_free().

James,

I just checked in a rename of all calls to talloc_free()
to TALLOC_FREE()  which should fix this issue as well.






cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD+gTGIR7qMdg1EfYRAkXCAKDUFOVE/0FOBJzFQyI0lkpdpGDKRQCdFZ1j
50R6kVpLiRZr0EHPZVUNo8w=
=LXzm
-----END PGP SIGNATURE-----