bug 696; check for an invalid fid before dereferencing the fsp pointer
authorGerald Carter <jerry@samba.org>
Thu, 30 Oct 2003 16:01:02 +0000 (16:01 +0000)
committerGerald Carter <jerry@samba.org>
Thu, 30 Oct 2003 16:01:02 +0000 (16:01 +0000)
(This used to be commit 2cc43e760b02f2088a0222d1f5080913a96f3e5a)

source3/smbd/trans2.c

index 394adeeb6f58e055285f1bf3120d214952bffe03..56d1aae3a2a562fac4804f44f7c2cd2f7e8d6c20 100644 (file)
@@ -3319,7 +3319,12 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf,
 {
        char *pdata = *ppdata;
        files_struct *fsp = file_fsp(inbuf,smb_vwv15);
+
+       /* check for an invalid fid before proceeding */
        
+       if (!fsp)                                
+               return(ERROR_DOS(ERRDOS,ERRbadfid));  
+
        if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) &&
                        (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
                pdata = Realloc(*ppdata, 32);
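Review bot: The added comment above `if (!fsp)` says what is checked but not why it matters: the fid is taken from the client-supplied request (`file_fsp(inbuf,smb_vwv15)`), so a request naming a fid that is not open yields a NULL `fsp`, which per the commit title was dereferenced later in the function. I would say so in the comment, e.g. `/* fid is client-supplied; file_fsp() yields NULL when it names no open file, and fsp is dereferenced below */`, and place it directly above the check without the whitespace-only line in between. The guard establishes only that `fsp` is non-NULL; whether the rest of call_trans2ioctl also needs `fsp` to belong to `conn` cannot be seen here, because the body continues past the hunk, and is worth confirming. The result of `Realloc(*ppdata, 32)` on the last context line is likewise checked, if at all, outside the hunk.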