r1121: Fix memory leak in the trans2 signing code.
authorAndrew Bartlett <abartlet@samba.org>
Sun, 13 Jun 2004 23:08:47 +0000 (23:08 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:51:56 +0000 (10:51 -0500)
We would start the trans2 state, which is fine, but never pull the
expected reply off the packet queue.

I'm not sure if this is still a major problem after jra's recent 'no
duplicate mids on the list' change, but I think this is correct
anyway.
(This used to be commit ee23a4237d427ce72d6a8c5f180ef48d6454cddc)

source3/libsmb/smb_signing.c

index 868c991c169283fa2311db7231fd3e4a075be112..8c59e49ebb973f411bca990e89df7193487ecf40 100644 (file)
@@ -497,6 +497,7 @@ BOOL cli_simple_set_signing(struct cli_state *cli,
 void cli_signing_trans_start(struct cli_state *cli, uint16 mid)
 {
        struct smb_basic_signing_context *data = cli->sign_info.signing_context;
+       uint32 reply_seq_num;
 
        if (!cli->sign_info.doing_signing || !data)
                return;
@@ -504,9 +505,16 @@ void cli_signing_trans_start(struct cli_state *cli, uint16 mid)
        data->trans_info = smb_xmalloc(sizeof(struct trans_info_context));
        ZERO_STRUCTP(data->trans_info);
 
-       data->trans_info->send_seq_num = data->send_seq_num-2;
+       /* This ensures the sequence is pulled off the outstanding packet list */
+       if (!get_sequence_for_reply(&data->outstanding_packet_list, 
+                                   mid, &reply_seq_num)) {
+               DEBUG(1, ("get_sequence_for_reply failed - did we enter the trans signing state without sending a packet?\n")); 
+           return;
+       }
+
+       data->trans_info->send_seq_num = reply_seq_num - 1;
        data->trans_info->mid = mid;
-       data->trans_info->reply_seq_num = data->send_seq_num-1;
+       data->trans_info->reply_seq_num = reply_seq_num;
 
        DEBUG(10,("cli_signing_trans_start: storing mid = %u, reply_seq_num = %u, send_seq_num = %u \
 data->send_seq_num = %u\n",
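Review bot: The early `return` after the failed `get_sequence_for_reply` check leaves `data->trans_info` pointing at the zeroed buffer just obtained from `smb_xmalloc`, so the client presumably stays in the trans signing state with mid 0 and zero sequence numbers, and the next call to this function would overwrite the pointer and leak it — the kind of leak the commit title is about. Release the state before bailing out, e.g. `SAFE_FREE(data->trans_info);` immediately before the `return;`, so a failed start leaves `data->trans_info` NULL as it was before the call. Two style nits in the same lines: the `return;` is indented with spaces instead of the surrounding tab indentation, and the `DEBUG(1, ...)` line carries trailing whitespace after the semicolon. The rest of `cli_signing_trans_start` continues past the end of the hunk, which cuts the `DEBUG(10, ...)` call mid-statement.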