Now we're mallocing our directory handles rather then using a static

array, leaks are rather more severe :-). This fixes a bug in trans2
findfirst where I forgot to close a directory handle if returning a
'no such file' error. Also fixed a similar case in smbsearch.
Jeremy.

2 files changed, 68 insertions, 55 deletions

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index b13563182c9..ad317caac93 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -1285,6 +1285,11 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
     {
       CVAL(outbuf,smb_rcls) = ERRDOS;
       SSVAL(outbuf,smb_err,ERRnofiles);
+      if(dptr_num != -1) 
+      {
+        dptr_close(dptr_num);
+        dptr_num = -1;
+      }
     }
 
   /* If we were called as SMBffirst with smb_search_id == NULL
@@ -1297,6 +1302,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
       SSVAL(outbuf,smb_err,ERRnofiles);
       /* Also close the dptr - we know it's gone */
       dptr_close(dptr_num);
+      dptr_num = -1;
     }
 
   /* If we were called as SMBfunique, then we can close the dirptr now ! */
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index f201222a8e6..ef1990e803d 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -292,7 +292,7 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf,
 /****************************************************************************
   get a level dependent lanman2 dir entry.
 ****************************************************************************/
-static int get_lanman2_dir_entry(connection_struct *conn,
+static BOOL get_lanman2_dir_entry(connection_struct *conn,
 				 char *path_mask,int dirtype,int info_level,
 				 int requires_resume_key,
 				 BOOL dont_descend,char **ppdata, 
@@ -623,8 +623,9 @@ void mask_convert( char *mask)
 }
 
 /****************************************************************************
-  reply to a TRANS2_FINDFIRST
+ Reply to a TRANS2_FINDFIRST.
 ****************************************************************************/
+
 static int call_trans2findfirst(connection_struct *conn,
 				char *inbuf, char *outbuf, int bufsize,  
 				char **pparams, char **ppdata)
@@ -757,39 +758,38 @@ static int call_trans2findfirst(connection_struct *conn,
   out_of_space = False;
 
   for (i=0;(i<maxentries) && !finished && !out_of_space;i++)
-    {
+  {
 
-      /* this is a heuristic to avoid seeking the dirptr except when 
-	 absolutely necessary. It allows for a filename of about 40 chars */
-      if (space_remaining < DIRLEN_GUESS && numentries > 0)
-	{
-	  out_of_space = True;
-	  finished = False;
-	}
-      else
-	{
-	  finished = 
-	    !get_lanman2_dir_entry(conn,mask,dirtype,info_level,
-				   requires_resume_key,dont_descend,
-				   &p,pdata,space_remaining, &out_of_space,
-				   &last_name_off);
-	}
+    /* this is a heuristic to avoid seeking the dirptr except when 
+       absolutely necessary. It allows for a filename of about 40 chars */
+    if (space_remaining < DIRLEN_GUESS && numentries > 0)
+    {
+      out_of_space = True;
+      finished = False;
+    }
+    else
+    {
+      finished = !get_lanman2_dir_entry(conn,mask,dirtype,info_level,
+                   requires_resume_key,dont_descend,
+                   &p,pdata,space_remaining, &out_of_space,
+                   &last_name_off);
+    }
 
-      if (finished && out_of_space)
-	finished = False;
+    if (finished && out_of_space)
+      finished = False;
 
-      if (!finished && !out_of_space)
-	numentries++;
-      space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
-    }
+    if (!finished && !out_of_space)
+      numentries++;
+    space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
+  }
   
   /* Check if we can close the dirptr */
   if(close_after_first || (finished && close_if_end))
-    {
-      dptr_close(dptr_num);
-      DEBUG(5,("call_trans2findfirst - (2) closing dptr_num %d\n", dptr_num));
-      dptr_num = -1;
-    }
+  {
+    dptr_close(dptr_num);
+    DEBUG(5,("call_trans2findfirst - (2) closing dptr_num %d\n", dptr_num));
+    dptr_num = -1;
+  }
 
   /* 
    * If there are no matching entries we must return ERRDOS/ERRbadfile - 
@@ -797,7 +797,10 @@ static int call_trans2findfirst(connection_struct *conn,
    */
 
   if(numentries == 0)
+  {
+    dptr_close(dptr_num);
     return(ERROR(ERRDOS,ERRbadfile));
+  }
 
   /* At this point pdata points to numentries directory entries. */
 
@@ -1003,38 +1006,37 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
   } /* end if requires_resume_key && !continue_bit */
 
   for (i=0;(i<(int)maxentries) && !finished && !out_of_space ;i++)
+  {
+    /* this is a heuristic to avoid seeking the dirptr except when 
+       absolutely necessary. It allows for a filename of about 40 chars */
+    if (space_remaining < DIRLEN_GUESS && numentries > 0)
     {
-      /* this is a heuristic to avoid seeking the dirptr except when 
-	 absolutely necessary. It allows for a filename of about 40 chars */
-      if (space_remaining < DIRLEN_GUESS && numentries > 0)
-	{
-	  out_of_space = True;
-	  finished = False;
-	}
-      else
-	{
-	  finished = 
-	    !get_lanman2_dir_entry(conn,mask,dirtype,info_level,
-				   requires_resume_key,dont_descend,
-				   &p,pdata,space_remaining, &out_of_space,
-				   &last_name_off);
-	}
+      out_of_space = True;
+      finished = False;
+    }
+    else
+    {
+      finished = !get_lanman2_dir_entry(conn,mask,dirtype,info_level,
+                   requires_resume_key,dont_descend,
+                   &p,pdata,space_remaining, &out_of_space,
+                   &last_name_off);
+    }
 
-      if (finished && out_of_space)
-	finished = False;
+    if (finished && out_of_space)
+      finished = False;
 
-      if (!finished && !out_of_space)
-	numentries++;
-      space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
-    }
+    if (!finished && !out_of_space)
+      numentries++;
+    space_remaining = max_data_bytes - PTR_DIFF(p,pdata);
+  }
   
   /* Check if we can close the dirptr */
   if(close_after_request || (finished && close_if_end))
-    {
-      dptr_close(dptr_num); /* This frees up the saved mask */
-      DEBUG(5,("call_trans2findnext: closing dptr_num = %d\n", dptr_num));
-      dptr_num = -1;
-    }
+  {
+    dptr_close(dptr_num); /* This frees up the saved mask */
+    DEBUG(5,("call_trans2findnext: closing dptr_num = %d\n", dptr_num));
+    dptr_num = -1;
+  }
 
 
   /* Set up the return parameter block */
@@ -1251,6 +1253,8 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
     files_struct *fsp = file_fsp(params,0);
     info_level = SVAL(params,2);
 
+    DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = %d\n", info_level));
+
     if(fsp && fsp->open && fsp->is_directory) {
       /*
        * This is actually a QFILEINFO on a directory
@@ -1288,6 +1292,9 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
   } else {
     /* qpathinfo */
     info_level = SVAL(params,0);
+
+    DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = %d\n", info_level));
+
     fname = &fname1[0];
     pstrcpy(fname,&params[6]);
     unix_convert(fname,conn,0,&bad_path,&sbuf);