Protect against core dump if ioctl for print job sends invalid fid. Found

by Iskantharajah T <is@tracetec.com.my>.
Jeremy.
(This used to be commit a9f9dd71da41801c975303a385ff229788c9498a)

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 5f2dd9123272dd25f716e326e9f2cbee14f1d3a1..6ac4cffddb4eaf3a542e007a33c9bb02585d15f3 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -348,7 +348,6 @@ int reply_ioctl(connection_struct *conn,
        uint32 ioctl_code = (device << 16) + function;
        int replysize, outsize;
        char *p;
-       files_struct *fsp = file_fsp(inbuf,smb_vwv0);
        START_PROFILE(SMBioctl);
 
        DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
@@ -371,6 +370,11 @@ int reply_ioctl(connection_struct *conn,
        switch (ioctl_code) {
                case IOCTL_QUERY_JOB_INFO:                  
                {
+                       files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+                       if (!fsp) {
+                               END_PROFILE(SMBioctl);
+                               return(UNIXERROR(ERRDOS,ERRbadfid));
+                       }
                        SSVAL(p,0,fsp->rap_print_jobid);             /* Job number */
                        srvstr_push(outbuf, p+2, global_myname(), 15, STR_TERMINATE|STR_ASCII);
                        srvstr_push(outbuf, p+18, lp_servicename(SNUM(conn)), 13, STR_TERMINATE|STR_ASCII);