r22561: Fix a memleak in lanman.c: Nobody would free the session_list.

author Volker Lendecke <vlendec@samba.org>

Sat, 28 Apr 2007 18:16:33 +0000 (18:16 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 17:19:45 +0000 (12:19 -0500)
author Volker Lendecke <vlendec@samba.org>
Sat, 28 Apr 2007 18:16:33 +0000 (18:16 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:19:45 +0000 (12:19 -0500)
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c

index 8f68bf36a1c291d486c99e234132867c97252c34..bdd8f68d5122b9bbd85ce5cc0b3d6ccf037c8251 100644 (file)
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -769,13 +769,12 @@ static void init_srv_sess_info_0(pipes_struct *p, struct srvsvc_NetSessCtr0 *ss0
  {
         struct sessionid *session_list;
         uint32 num_entries = 0;
-       (*stot) = list_sessions(&session_list);
+       (*stot) = list_sessions(p->mem_ctx, &session_list);
  
         if (ss0 == NULL) {
                 if (snum) {
                         (*snum) = 0;
                 }
-               SAFE_FREE(session_list);
                 return;
         }
  
@@ -799,7 +798,6 @@ static void init_srv_sess_info_0(pipes_struct *p, struct srvsvc_NetSessCtr0 *ss0
                 ss0->array = NULL;
                 ss0->count = 0;
         }
-       SAFE_FREE(session_list);
  }
  
  /*******************************************************************
@@ -859,7 +857,7 @@ static void init_srv_sess_info_1(pipes_struct *p, struct srvsvc_NetSessCtr1 *ss1
                 return;
         }
  
-       (*stot) = list_sessions(&session_list);
+       (*stot) = list_sessions(p->mem_ctx, &session_list);
  
         ss1->array = TALLOC_ARRAY(p->mem_ctx, struct srvsvc_NetSessInfo1, *stot);
         
@@ -900,8 +898,6 @@ static void init_srv_sess_info_1(pipes_struct *p, struct srvsvc_NetSessCtr1 *ss1
         if ((*snum) >= (*stot)) {
                 (*snum) = 0;
         }
-
-       SAFE_FREE(session_list);
  }
  
  /*******************************************************************
@@ -1222,7 +1218,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, struct srvsvc_NetSessDel *r)
                 memmove(machine, &machine[1], strlen(machine));
         }
  
-       num_sessions = list_sessions(&session_list);
+       num_sessions = list_sessions(p->mem_ctx, &session_list);
  
         DEBUG(5,("_srv_net_sess_del: %d\n", __LINE__));
  
@@ -1248,10 +1244,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, struct srvsvc_NetSessDel *r)
  
         DEBUG(5,("_srv_net_sess_del: %d\n", __LINE__));
  
-
  done:
-       SAFE_FREE(session_list);
-
         return status;
  }
  
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c

index cd2750d7595faab9a6b80fc26df03b3f93264015..05b1e812b2579fd710d899967287227d5ef067a3 100644 (file)
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -4213,7 +4213,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid,
                 return False;
         }
  
-       num_sessions = list_sessions(&session_list);
+       num_sessions = list_sessions(tmp_talloc_ctx(), &session_list);
  
         if (mdrcnt > 0) {
                 *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
diff --git a/source3/smbd/session.c b/source3/smbd/session.c

index 05b1026f41fc1fdbe1923f6add215632a924a4b3..30ade8aedfb798f6a83e1e832f77fc0a857928cf 100644 (file)
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -218,6 +218,7 @@ BOOL session_traverse(int (*fn)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *),
  ********************************************************************/
  
  struct session_list {
+       TALLOC_CTX *mem_ctx;
         int count;
         struct sessionid *sessions;
  };
@@ -230,7 +231,9 @@ static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf, v
  
         i = sesslist->count;
         
-       sesslist->sessions = SMB_REALLOC_ARRAY(sesslist->sessions, struct sessionid, i+1);
+       sesslist->sessions = TALLOC_REALLOC_ARRAY(
+               sesslist->mem_ctx, sesslist->sessions, struct sessionid, i+1);
+
         if (!sesslist->sessions) {
                 sesslist->count = 0;
                 return -1;
@@ -248,10 +251,11 @@ static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf, v
  /********************************************************************
  ********************************************************************/
  
-int list_sessions(struct sessionid **session_list)
+int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list)
  {
         struct session_list sesslist;
  
+       sesslist.mem_ctx = mem_ctx;
         sesslist.count = 0;
         sesslist.sessions = NULL;
author	Volker Lendecke <vlendec@samba.org>
	Sat, 28 Apr 2007 18:16:33 +0000 (18:16 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 17:19:45 +0000 (12:19 -0500)
source3/rpc_server/srv_srvsvc_nt.c		patch \| blob \| history
source3/smbd/lanman.c		patch \| blob \| history
source3/smbd/session.c		patch \| blob \| history