The "reply_sendend" function wouldn't check whether the connection had
any pending message state. A client sending an out-of-order SMBsendend
message would trigger a NULL pointer dereference.
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
return;
}
+ if (xconn->smb1.msg_state == NULL) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBsendend);
+ return;
+ }
+
DEBUG(3,("SMBsendend\n"));
msg_deliver(xconn->smb1.msg_state);
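Review bot: The added NULL check returns before the `DEBUG(3,("SMBsendend\n"));` line, so a rejected out-of-order SMBsendend leaves no log entry. Consider adding a debug message just before `reply_nterror(req, NT_STATUS_INVALID_PARAMETER);` so that a client repeatedly sending such requests is visible to an operator. A one-line comment above the check saying that msg_state is NULL when no message is pending would document why the guard exists. Please also confirm that msg_state is cleared once `msg_deliver(xconn->smb1.msg_state);` has run, so that a second SMBsendend in a row takes this new path rather than reusing stale state; that is not visible in this hunk.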