From b214365ec32c1904ea763cccd0b2b49f5f6f0869 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 29 Feb 2008 06:55:48 -0800
Subject: Patch to fix the "Invalid read of size 4" errors. Bug #3617. Jeremy.

---
 source/nmbd/nmbd_responserecordsdb.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/source/nmbd/nmbd_responserecordsdb.c b/source/nmbd/nmbd_responserecordsdb.c
index 8b056acbcde..dc16a07ccfc 100644
--- a/source/nmbd/nmbd_responserecordsdb.c
+++ b/source/nmbd/nmbd_responserecordsdb.c
@@ -47,6 +47,24 @@ static void add_response_record(struct subnet_record *subrec,
 void remove_response_record(struct subnet_record *subrec,
 				struct response_record *rrec)
 {
+	/* It is possible this can be called twice,
+	   with a rrec pointer that has been freed. So
+	   before we inderect into rrec, search for it
+	   on the responselist first. Bug #3617. JRA. */
+
+	struct response_record *p = NULL;
+
+	for (p = subrec->responselist; p; p = p->next) {
+		if (p == rrec) {
+			break;
+		}
+	}
+
+	if (p == NULL) {
+		/* We didn't find rrec on the list. */
+		return;
+	}
+
 	DLIST_REMOVE(subrec->responselist, rrec);
 
 	if(rrec->userdata) {
-- 
cgit