From 9cb6029f1c3650460539d5bced28caffbd21c549 Mon Sep 17 00:00:00 2001 From: Andrew Walker Date: Mon, 19 Dec 2022 08:17:47 -0500 Subject: [PATCH] s3:params:lp_do_section - protect against NULL deref iServiceIndex may indicate an empty slot in the ServicePtrs array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex]) may trigger a NULL deref and crash. Skipping the check here will cause a scan of the array in add_a_service() and the NULL slot will be used safely. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267 Signed-off-by: Andrew Walker Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184 (cherry picked from commit 5b19288949e97a5af742ff2719992d56f21e364a) --- source3/param/loadparm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 7e20acbf8b9..0ebdd315bd1 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -2887,7 +2887,7 @@ bool lp_do_section(const char *pszSectionName, void *userdata) /* if we have a current service, tidy it up before moving on */ bRetval = true; - if (iServiceIndex >= 0) + if ((iServiceIndex >= 0) && (ServicePtrs[iServiceIndex] != NULL)) bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]); /* if all is still well, move to the next record in the services array */ -- 2.34.1