authorJeremy Allison <jra@samba.org>2008-02-29 06:55:33 -0800
committerKarolin Seeger <kseeger@samba.org>2008-02-29 16:09:59 +0100
commit5f00c79ac22ecfa846eebd910e7c25d326595f8e (patch)
tree3a02c7ca5b2a0fae7fc7b87f155446bf2eec5c0c
parent39f712048d7408ba91301b59752f2e87e894a3f0 (diff)
Patch to fix the "Invalid read of size 4" errors. Bug #3617.
Jeremy. (cherry picked from commit fa12667ec284fdda45b79cbf6bf548ab0faae34f)
-rw-r--r--source/nmbd/nmbd_responserecordsdb.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/source/nmbd/nmbd_responserecordsdb.c b/source/nmbd/nmbd_responserecordsdb.c
index 6498ce04cf3..b042fb41edb 100644
--- a/source/nmbd/nmbd_responserecordsdb.c
+++ b/source/nmbd/nmbd_responserecordsdb.c
@@ -46,6 +46,24 @@ static void add_response_record(struct subnet_record *subrec,
void remove_response_record(struct subnet_record *subrec,
struct response_record *rrec)
{
+ /* It is possible this can be called twice,
+ with a rrec pointer that has been freed. So
+ before we inderect into rrec, search for it
+ on the responselist first. Bug #3617. JRA. */
+
+ struct response_record *p = NULL;
+
+ for (p = subrec->responselist; p; p = p->next) {
+ if (p == rrec) {
+ break;
+ }
+ }
+
+ if (p == NULL) {
+ /* We didn't find rrec on the list. */
+ return;
+ }
+
DLIST_REMOVE(subrec->responselist, rrec);
if(rrec->userdata) {