git.samba.org / kai / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8e0a4e7)
r17899: Fix Stanford checker bug - possible null deref.
authorJeremy Allison <jra@samba.org>
Tue, 29 Aug 2006 00:53:28 +0000 (00:53 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:38:57 +0000 (11:38 -0500)
Jeremy.
(This used to be commit e77949175144cbe4cfa58788d13acc704eebc251)

source3/libads/sasl.c patch | blob | history

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 3c0bea93d6c8e77e14ef53493c6b59d5df18aef4..b2613071b70e883c569cc5eac56ca973db2fed4a 100644 (file)
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -276,7 +276,7 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
        int i=0;
        int gss_rc, rc;
        uint8 *p;
-       uint32 max_msg_size;
+       uint32 max_msg_size = 0;
        char *sname;
        ADS_STATUS status;
        krb5_principal principal;
@@ -389,7 +389,10 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 #if 0
        file_save("sasl_gssapi.dat", output_token.value, output_token.length);
 #endif
-       max_msg_size = (p[1]<<16) | (p[2]<<8) | p[3];
+
+       if (p) {
+               max_msg_size = (p[1]<<16) | (p[2]<<8) | p[3];
+       }
 
        gss_release_buffer(&minor_status, &output_token);
 
Kai's WIP code