The Samba-Bugzilla – Attachment 8455 Details for
Bug 9574
A null pointer dereference in the spoolss server crashes smbd serving the connection
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
v3-6-test patch
patch (text/plain), 2.53 KB, created by
Andreas Schneider
on 2013-01-21 13:44:50 UTC
(
hide
)
Description:
v3-6-test patch
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2013-01-21 13:44:50 UTC
Size:
2.53 KB
patch
obsolete
>From c6db5b765e462124423dec38c3afa552aac5cea0 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Mon, 17 Dec 2012 15:31:21 +0100 >Subject: [PATCH 1/2] s3-rpc_server: Fix a possible null pointer dereference. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >This variable can be set to NULL in an earlier function call. > >Found by Coverity. > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Günther Deschner <gd@samba.org> >(cherry picked from commit 72e02c73b64f1ff56b2d53ec63d68486a4f1ff90) >--- > source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c >index b5949e4..35ebe57 100644 >--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c >+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c >@@ -4442,7 +4442,8 @@ static WERROR enum_all_printers_info_1_name(TALLOC_CTX *mem_ctx, > > DEBUG(4,("enum_all_printers_info_1_name\n")); > >- if ((servername[0] == '\\') && (servername[1] == '\\')) { >+ if (servername != NULL && >+ (servername[0] == '\\') && (servername[1] == '\\')) { > s = servername + 2; > } > >-- >1.8.1 > > >From 5cf1c903c0facb8095a7ffa2b16a5b233d38ff60 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 18 Jan 2013 18:04:17 +0100 >Subject: [PATCH 2/2] BUG 9574: Fix a possible null pointer dereference in > spoolss. > >If the the client enumerates the printers and didn't specify a >servername we have a null pointer dereference, so the process serving >the connection crashes. > >Reviewed-by: David Disseldorp <ddiss@samba.org> > >Autobuild-User(master): David Disseldorp <ddiss@samba.org> >Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104 >(cherry picked from commit c38fb0b106b62e42a5b75b1c78386bb8912c7d7e) >--- > source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c >index 35ebe57..a5579c2 100644 >--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c >+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c >@@ -4478,7 +4478,8 @@ static WERROR enum_all_printers_info_1_network(TALLOC_CTX *mem_ctx, > listed. Windows responds to this call with a > WERR_CAN_NOT_COMPLETE so we should do the same. */ > >- if (servername[0] == '\\' && servername[1] == '\\') { >+ if (servername != NULL && >+ (servername[0] == '\\') && (servername[1] == '\\')) { > s = servername + 2; > } > >-- >1.8.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8455">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
ddiss
:
review+
Actions:
View
Attachments on
bug 9574
: 8455