s3:params:lp_do_section - protect against NULL deref

iServiceIndex may indicate an empty slot in the ServicePtrs
array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex])
may trigger a NULL deref and crash. Skipping the check
here will cause a scan of the array in add_a_service() and the
NULL slot will be used safely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index ad24ae7e9e7621c12e2bde809bb10b7c8a96a234..56a8bc2d28b5806357bcea4008a865ecb1546674 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -2886,7 +2886,7 @@ bool lp_do_section(const char *pszSectionName, void *userdata)
        /* if we have a current service, tidy it up before moving on */
        bRetval = true;
 
-       if (iServiceIndex >= 0)
+       if ((iServiceIndex >= 0) && (ServicePtrs[iServiceIndex] != NULL))
                bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
 
        /* if all is still well, move to the next record in the services array */