author | Luke Leighton <lkcl@samba.org> | 2000-01-03 15:31:05 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 2000-01-03 15:31:05 +0000 |
commit | 3e3a514beea2e6f46e5feb74090f1c87d7aa05bd (patch) | |
tree | 10d218cebb66e6a1e8d343216d8a2743608018d8 /source | |
parent | 492077782ff582e2e320248012ebbcd33990a55f (diff) | |
download | samba-3e3a514beea2e6f46e5feb74090f1c87d7aa05bd.tar.gz |
i hate rewriting dce/rpc reassembly code.
this bug was due to not freeing up msrpc data after it had been
sent. this wasn't a problem before i added the code that wanted
to send as many dce/rpc fragments as it could, rather than relying
on the smb client to "trigger" dce/rpc fragment reading / writing.
Diffstat (limited to 'source')
-rw-r--r-- | source/rpc_server/srv_pipe_hnd.c | 1 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe_srv.c | 32 |
2 files changed, 31 insertions, 2 deletions
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c
index 441ecc11956..4b8e47ba03b 100644
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -263,7 +263,6 @@ void rpcsrv_free_temp(rpcsrv_struct *l) prs_free_data(&l->rhdr ); prs_free_data(&l->rfault ); - prs_free_data(&l->rdata_i); prs_free_data(&l->rauth ); prs_free_data(&l->rverf ); prs_free_data(&l->rntlm );
diff --git a/source/rpc_server/srv_pipe_srv.c b/source/rpc_server/srv_pipe_srv.c
index 90e91eb11a5..0f3ab0636b5 100644
--- a/source/rpc_server/srv_pipe_srv.c
+++ b/source/rpc_server/srv_pipe_srv.c
@@ -159,6 +159,9 @@ BOOL create_rpc_reply(rpcsrv_struct *l, uint32 data_start) l->rdata_i.offset = data_len; l->rdata_offset += data_len; + prs_debug_out(&l->rdata_i, "rdata_i", 200); + prs_debug_out(&l->rdata, "rdata", 200); + if (auth_len > 0) { uint32 crc32 = 0;
@@ -206,6 +209,8 @@ BOOL create_rpc_reply(rpcsrv_struct *l, uint32 data_start) prs_link(&l->rhdr, &l->rdata_i, NULL ); } + prs_debug_out(&l->rdata, "rdata - after", 200); + return l->rhdr.data != NULL && l->rhdr.offset == 0x18; }
@@ -812,11 +817,23 @@ static BOOL rpc_redir_local(rpcsrv_struct *l, prs_struct *req, prs_struct *resp, if (req->data == NULL || req->data_size == 0) { + if (l->rdata.data == NULL) + { + return False; + } /* hmm, must need some more data. * create, flatten and return data in a single pdu */ if (!create_rpc_reply(l, l->rdata_offset)) return False; - return prs_copy(resp, &l->rhdr); + if (!prs_copy(resp, &l->rhdr)) return False; + + if (IS_BITS_SET_ALL(l->hdr.flags, RPC_FLG_LAST) || + l->hdr.pkt_type == RPC_BINDACK) + { + DEBUG(10,("rpc_redir_local: finished sending\n")); + prs_free_data(&l->rdata); + } + return True; } if (req->data == NULL) return False; 
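Review bot: The two `prs_debug_out` calls added in create_rpc_reply at `@@ -159` dump `rdata_i` and `rdata` immediately before the `if (auth_len > 0)` branch, and nothing in the hunk says whether they are meant to stay. If that branch signs or seals the fragment (its body is outside the hunk), the log receives the reply payload in clear at whatever debug level the `200` argument maps to. Either drop these and the `"rdata - after"` call in the `@@ -206` hunk once the reassembly fix is confirmed, or keep them with a comment such as `/* debug aid: dumps unsealed reply data, high debug levels only */`.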
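Review bot: The new early exit in rpc_redir_local at `@@ -812` tests only `l->rdata.data == NULL`, while the guard added to rpc_local in the `@@ -1013` hunk also rejects `data_size == 0`, and it returns False without a DEBUG line. Both guards rely on `prs_free_data(&l->rdata)` leaving `data` as NULL after the last fragment; prs_free_data is not shown here, so that is worth confirming, because otherwise a later read would reach create_rpc_reply with a freed buffer. I would write the check as `if (l->rdata.data == NULL || l->rdata.data_size == 0)` and log it the way rpc_local does. The "finished sending" block is repeated verbatim in the `@@ -906` hunk; a small static helper would keep the two copies from drifting. rpc_redir_local starts and ends outside this hunk.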
@@ -906,6 +923,14 @@ static BOOL rpc_redir_local(rpcsrv_struct *l, prs_struct *req, prs_struct *resp, prs_debug_out(resp , "redir_local resp", 200); prs_debug_out(&l->rhdr, "send_rcv rhdr", 200); reply = prs_copy(resp, &l->rhdr); + + if (IS_BITS_SET_ALL(l->hdr.flags, RPC_FLG_LAST) || + l->hdr.pkt_type == RPC_BINDACK) + { + DEBUG(10,("rpc_redir_local: finished sending\n")); + prs_free_data(&l->rdata); + } + + return True; } /* delete intermediate data used to set up the pdu. leave
@@ -1013,6 +1038,11 @@ BOOL rpc_local(rpcsrv_struct *l, char *data, int len, char *name) } else { + if (l->rdata.data == NULL || l->rdata.data_size == 0) + { + DEBUG(10,("rpc_local: no data to send\n")); + return False; + } prs_free_data(&l->smb_pdu); prs_init(&l->smb_pdu, 0, 4, True); reply = rpc_redir_local(l, &l->smb_pdu, &l->rsmb_pdu, name); |
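Review bot: In the `@@ -906` hunk the result of `prs_copy(resp, &l->rhdr)` is stored in `reply` and then discarded by the `return True;` that closes the block, so a failed copy is reported to the caller as success. The `@@ -812` path of the same function does check it (`if (!prs_copy(resp, &l->rhdr)) return False;`); ending this block with `return reply;` would make the two paths agree. The early return also appears to bypass the "delete intermediate data" cleanup whose comment begins just below, which may be intended but deserves a one-line comment saying so. The enclosing block starts and ends outside the hunk.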