summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2003-09-17 19:36:38 +0000
committerJeremy Allison <jra@samba.org>2003-09-17 19:36:38 +0000
commit273479391f0c6e008c1e01a7f3ffa2de1862b9fd (patch)
treef9469ee0c3949f84fc479ac70972902cd0177fe8
parentc699cb78ac95eb99f2f7867525f3392bd20bad55 (diff)
downloadsamba-273479391f0c6e008c1e01a7f3ffa2de1862b9fd.tar.gz
samba-273479391f0c6e008c1e01a7f3ffa2de1862b9fd.tar.bz2
samba-273479391f0c6e008c1e01a7f3ffa2de1862b9fd.zip
Fix coredump from Samba4 torture suite.
Jeremy. (This used to be commit 9c1bab944526270d2ad79c75894c33f58f8e3845)
-rw-r--r--source3/smbd/files.c2
-rw-r--r--source3/smbd/nttrans.c3
2 files changed, 5 insertions, 0 deletions
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 1fe6f250e5..80544c9a30 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -405,6 +405,8 @@ files_struct *file_fsp(char *buf, int where)
if (chain_fsp)
return chain_fsp;
+ if (!buf)
+ return NULL;
fnum = SVAL(buf, where);
for (fsp=Files;fsp;fsp=fsp->next, count++) {
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index f8bd3ae15f..1c50744947 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1472,6 +1472,9 @@ static int call_nt_transact_notify_change(connection_struct *conn, char *inbuf,
files_struct *fsp;
uint32 flags;
+ if(setup_count < 6)
+ return ERROR_DOS(ERRDOS,ERRbadfunc);
+
fsp = file_fsp(setup,4);
flags = IVAL(setup, 0);