Patch to fix the "Invalid read of size 4" errors. Bug #3617.
authorJeremy Allison <jra@samba.org>
Fri, 29 Feb 2008 14:55:33 +0000 (06:55 -0800)
committerKarolin Seeger <kseeger@samba.org>
Fri, 29 Feb 2008 15:09:59 +0000 (16:09 +0100)
Jeremy.
(cherry picked from commit fa12667ec284fdda45b79cbf6bf548ab0faae34f)

source/nmbd/nmbd_responserecordsdb.c

index 6498ce04cf32485c389092fdfde7626a66e2bf6a..b042fb41edbe640d4609d234a45ca02b87d48316 100644 (file)
@@ -46,6 +46,24 @@ static void add_response_record(struct subnet_record *subrec,
 void remove_response_record(struct subnet_record *subrec,
                                struct response_record *rrec)
 {
+       /* It is possible this can be called twice,
+          with a rrec pointer that has been freed. So
+          before we inderect into rrec, search for it
+          on the responselist first. Bug #3617. JRA. */
+
+       struct response_record *p = NULL;
+
+       for (p = subrec->responselist; p; p = p->next) {
+               if (p == rrec) {
+                       break;
+               }
+       }
+
+       if (p == NULL) {
+               /* We didn't find rrec on the list. */
+               return;
+       }
+
        DLIST_REMOVE(subrec->responselist, rrec);
 
        if(rrec->userdata) {
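Review bot: The list walk added at the top of remove_response_record matches rrec by address only, so it keeps a second call from dereferencing freed memory but cannot tell a stale pointer from a different response_record later allocated at the same address and linked onto subrec->responselist. In that case the live record would be unlinked by `DLIST_REMOVE` and processed by the rest of the function. Whether such reuse can occur depends on the callers, which are not visible in this hunk, so the path that makes the second call should also drop its rrec reference after the first removal. The bare `return` also hides the double call; a line such as `DEBUG(5, ("remove_response_record: rrec %p not on responselist, ignoring\n", (void *)rrec));` before it would keep the underlying lifetime bug visible in logs. The function body continues past the end of the hunk.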