Protect nmbd against malformed reply packets. Some reports on the lists showing

these.
Jeremy.
(This used to be commit 4bc49cc943504d1a9a73894f6810bc755ee6e324)

diff --git a/source3/nmbd/nmbd_namequery.c b/source3/nmbd/nmbd_namequery.c
index 7a820a71482e3c232b34e8055dbc01ff00c38b60..8995e9ac522acc10249ebab9b61d5244b058183a 100644 (file)
--- a/source3/nmbd/nmbd_namequery.c
+++ b/source3/nmbd/nmbd_namequery.c
@@ -81,6 +81,14 @@ static void query_name_response( struct subnet_record   *subrec,
     }
     else
     {
+      if (!nmb->answers)
+      {
+        dbgtext( "query_name_response: On subnet %s ", subrec->subnet_name );
+       dbgtext( "IP %s ", inet_ntoa(p->ip) );
+       dbgtext( "returned a success response with no answer\n" );
+       return;
+      }
+
       success = True;
 
       putip((char *)&answer_ip,&nmb->answers->rdata[2]);
@@ -102,7 +110,8 @@ static void query_name_response( struct subnet_record   *subrec,
   {
     if( DEBUGLVL( 0 ) )
       {
-      putip( (char *)&answer_ip, &nmb->answers->rdata[2] );
+      if (nmb->answers)
+        putip( (char *)&answer_ip, &nmb->answers->rdata[2] );
       dbgtext( "query_name_response: " );
       dbgtext( "Multiple (%d) responses ", rrec->num_msgs );
       dbgtext( "received for a query on subnet %s ", subrec->subnet_name );