git.samba.org / nivanova / samba-autobuild / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a971cfe)
smbd: Prevent a crash
authorVolker Lendecke <vl@samba.org>
Thu, 10 Mar 2016 07:54:54 +0000 (08:54 +0100)
committerJeremy Allison <jra@samba.org>
Thu, 10 Mar 2016 23:12:18 +0000 (00:12 +0100)
smb2srv_session_close_previous_check crashes if
ndr_pull_smbXsrv_session_globalB fails for some reason. It depends on "is_free"
to be correctly set. All we can do for an invalid database is to discard the
record and set it free.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 11 00:12:18 CET 2016 on sn-devel-144

source3/smbd/smbXsrv_session.c patch | blob | history

diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c
index a5aee8c7b24731d17d764d27becf60aa3255736f..cdad47f0e3d025b95f3c36c413f55850617300ec 100644 (file)
--- a/source3/smbd/smbXsrv_session.c
+++ b/source3/smbd/smbXsrv_session.c
@@ -833,6 +833,10 @@ static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
                         hex_encode_talloc(frame, key.dptr, key.dsize),
                         nt_errstr(status)));
                TALLOC_FREE(frame);
+               *is_free = true;
+               if (was_free) {
+                       *was_free = true;
+               }
                return;
        }
 
@@ -848,6 +852,10 @@ static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
                         global_blob.version));
                NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
                TALLOC_FREE(frame);
+               *is_free = true;
+               if (was_free) {
+                       *was_free = true;
+               }
                return;
        }
 
Unnamed repository; edit this file 'description' to name the repository.