summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2010-03-09 11:14:14 +0100
committerVolker Lendecke <vl@samba.org>2010-03-09 22:00:44 +0100
commit25452a2268ac7013da28125f3df22085139af12d (patch)
treef127f5f9944ad46641c91400e321c847c031a8e3
parentc05d13d3c2c5d516c55cec133ba635f528034862 (diff)
downloadsamba-25452a2268ac7013da28125f3df22085139af12d.tar.gz
samba-25452a2268ac7013da28125f3df22085139af12d.tar.bz2
samba-25452a2268ac7013da28125f3df22085139af12d.zip
s3: Fix a NULL pointer dereference
Found by Laurent Gaffie <laurent.gaffie@gmail.com>. Thanks! Volker
-rw-r--r--source3/smbd/process.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 65bb25db59..9a39779a2b 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1810,6 +1810,15 @@ void chain_reply(struct smb_request *req)
*/
if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) {
+ if (req->chain_outbuf == NULL) {
+ req->chain_outbuf = TALLOC_REALLOC_ARRAY(
+ req, req->outbuf, uint8_t,
+ smb_len(req->outbuf) + 4);
+ if (req->chain_outbuf == NULL) {
+ smb_panic("talloc failed");
+ }
+ }
+ req->outbuf = NULL;
goto error;
}
@@ -1837,7 +1846,7 @@ void chain_reply(struct smb_request *req)
req->chain_outbuf = TALLOC_REALLOC_ARRAY(
req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
if (req->chain_outbuf == NULL) {
- goto error;
+ smb_panic("talloc failed");
}
req->outbuf = NULL;
} else {