From de9768764d08e954cd000a04e9646a828917d876 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 1 May 2007 09:55:36 +0000
Subject: [PATCH] r22629: if irpc gets freed within event_loop_once() we
 crash... so deferr the freeing

metze
(This used to be commit 3a30bc0d6137fe2b7440106b35dd0a9175cc8057)
---
 source4/lib/messaging/irpc.h      |  1 +
 source4/lib/messaging/messaging.c | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/source4/lib/messaging/irpc.h b/source4/lib/messaging/irpc.h
index 1d704ad943f..6873f014a6a 100644
--- a/source4/lib/messaging/irpc.h
+++ b/source4/lib/messaging/irpc.h
@@ -69,6 +69,7 @@ struct irpc_request {
 	void *r;
 	NTSTATUS status;
 	BOOL done;
+	BOOL reject_free;
 	TALLOC_CTX *mem_ctx;
 	struct {
 		void (*fn)(struct irpc_request *);
diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c
index 04b340eb5a1..705fdcc4655 100644
--- a/source4/lib/messaging/messaging.c
+++ b/source4/lib/messaging/messaging.c
@@ -773,7 +773,14 @@ failed:
 */
 static int irpc_destructor(struct irpc_request *irpc)
 {
-	idr_remove(irpc->msg_ctx->idr, irpc->callid);
+	if (irpc->callid != -1) {
+		idr_remove(irpc->msg_ctx->idr, irpc->callid);
+		irpc->callid = -1;
+	}
+
+	if (irpc->reject_free) {
+		return -1;
+	}
 	return 0;
 }
 
@@ -866,11 +873,16 @@ NTSTATUS irpc_call_recv(struct irpc_request *irpc)
 
 	NT_STATUS_HAVE_NO_MEMORY(irpc);
 
+	irpc->reject_free = true;
+
 	while (!irpc->done) {
 		if (event_loop_once(irpc->msg_ctx->event.ev) != 0) {
 			return NT_STATUS_CONNECTION_DISCONNECTED;
 		}
 	}
+
+	irpc->reject_free = false;
+
 	status = irpc->status;
 	talloc_free(irpc);
 	return status;
-- 
2.34.1