Author: abartlet Date: 2006-09-21 06:34:21 +0000 (Thu, 21 Sep 2006) New Revision: 18779
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18779 Log: Not simo's fault, this is actually a bug I introduced a week ago, when I fixed the previous bug in this code. We need to remove fragments from the incoming fragment list, or else we leak (actually, we walk free()'ed data as we add/remove elements). Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c =================================================================== --- branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c 2006-09-21 06:15:17 UTC (rev 18778) +++ branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c 2006-09-21 06:34:21 UTC (rev 18779) @@ -1056,7 +1056,10 @@ DLIST_ADD_END(dce_conn->incoming_fragmented_call_list, call, struct dcesrv_call_state *); return NT_STATUS_OK; - } + } + + /* This removes any fragments we may have had stashed away */ + DLIST_REMOVE(dce_conn->incoming_fragmented_call_list, call); switch (call->pkt.ptype) { case DCERPC_PKT_BIND: