Commit e27895d5 authored by Andrew Bartlett's avatar Andrew Bartlett Committed by Gerald (Jerry) Carter
Browse files

r1121: Fix memory leak in the trans2 signing code. 

We would start the trans2 state, which is fine, but never pull the
expected reply off the packet queue.

I'm not sure if this is still a major problem after jra's recent 'no
duplicate mids on the list' change, but I think this is correct
anyway.
(This used to be commit ee23a4237d427ce72d6a8c5f180ef48d6454cddc)
parent 58686e84

source3/libsmb/smb_signing.c

+10 −2
Original line number Diff line number Diff line
@@ -497,6 +497,7 @@ BOOL cli_simple_set_signing(struct cli_state *cli, 
void cli_signing_trans_start(struct cli_state *cli, uint16 mid)

{

	struct smb_basic_signing_context *data = cli->sign_info.signing_context;

	uint32 reply_seq_num;



	if (!cli->sign_info.doing_signing || !data)

		return;
@@ -504,9 +505,16 @@ void cli_signing_trans_start(struct cli_state *cli, uint16 mid) 
	data->trans_info = smb_xmalloc(sizeof(struct trans_info_context));

	ZERO_STRUCTP(data->trans_info);



	data->trans_info->send_seq_num = data->send_seq_num-2;

	/* This ensures the sequence is pulled off the outstanding packet list */

	if (!get_sequence_for_reply(&data->outstanding_packet_list, 

				    mid, &reply_seq_num)) {

		DEBUG(1, ("get_sequence_for_reply failed - did we enter the trans signing state without sending a packet?\n")); 

	    return;

	}



	data->trans_info->send_seq_num = reply_seq_num - 1;

	data->trans_info->mid = mid;

	data->trans_info->reply_seq_num = data->send_seq_num-1;

	data->trans_info->reply_seq_num = reply_seq_num;



	DEBUG(10,("cli_signing_trans_start: storing mid = %u, reply_seq_num = %u, send_seq_num = %u \

data->send_seq_num = %u\n",