s3: Fix a NULL pointer dereference
authorVolker Lendecke <vl@samba.org>
Tue, 9 Mar 2010 10:14:14 +0000 (11:14 +0100)
committerVolker Lendecke <vl@samba.org>
Tue, 9 Mar 2010 21:00:44 +0000 (22:00 +0100)
Found by Laurent Gaffie <laurent.gaffie@gmail.com>.

Thanks!

Volker

source3/smbd/process.c

index 65bb25db5961d298fe5c95347a8e3c6eb3b28ea8..9a39779a2bcc1bb147d279db9cfefa1027735c38 100644 (file)
@@ -1810,6 +1810,15 @@ void chain_reply(struct smb_request *req)
         */
 
        if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) {
+               if (req->chain_outbuf == NULL) {
+                       req->chain_outbuf = TALLOC_REALLOC_ARRAY(
+                               req, req->outbuf, uint8_t,
+                               smb_len(req->outbuf) + 4);
+                       if (req->chain_outbuf == NULL) {
+                               smb_panic("talloc failed");
+                       }
+               }
+               req->outbuf = NULL;
                goto error;
        }
 
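Review bot: When `req->chain_outbuf` is already non-NULL, the added `req->outbuf = NULL;` drops the current reply buffer without freeing or splicing it, whereas in the NULL case the buffer has just been moved into `chain_outbuf` by the realloc. If the discard is intended, an explicit `else { TALLOC_FREE(req->outbuf); }` on the inner `if` would release the buffer at once instead of leaving it on its talloc parent, and would make the two cases visibly different. A short comment such as `/* the error path expects chain_outbuf to be set and outbuf to be NULL */` would also record why this branch prepares the buffers before `goto error`. The `error:` label and the rest of chain_reply lie outside the hunk, so that expectation is inferred and should be confirmed.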
@@ -1837,7 +1846,7 @@ void chain_reply(struct smb_request *req)
                req->chain_outbuf = TALLOC_REALLOC_ARRAY(
                        req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
                if (req->chain_outbuf == NULL) {
-                       goto error;
+                       smb_panic("talloc failed");
                }
                req->outbuf = NULL;
        } else {
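Review bot: Replacing `goto error` with `smb_panic("talloc failed")` turns an allocation failure into a process abort, and nothing in the hunk says why the error path can no longer be taken here. A one-line comment, for example `/* cannot build an error reply without chain_outbuf */`, would keep a later cleanup from restoring the `goto`; that rationale is inferred, since the `error:` label is outside the hunk. The realloc-and-panic sequence is now identical to the one added in the first hunk, so a small static helper called from both places would keep the two copies from drifting apart.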