diff options
author | Gerald Carter <jerry@samba.org> | 2003-10-30 16:01:02 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-10-30 16:01:02 +0000 |
commit | 11e6f4b5185f6d3ee4e8c91cf598839a7f1d5002 (patch) | |
tree | 0e33582d83894239bda0f2664d32e5187156765b | |
parent | bc3ab60c96dc125ed913503d14a66923dd7cee72 (diff) | |
download | samba-11e6f4b5185f6d3ee4e8c91cf598839a7f1d5002.tar.gz samba-11e6f4b5185f6d3ee4e8c91cf598839a7f1d5002.tar.bz2 samba-11e6f4b5185f6d3ee4e8c91cf598839a7f1d5002.zip |
bug 696; check for an invalid fid before dereferencing the fsp pointer
(This used to be commit 2cc43e760b02f2088a0222d1f5080913a96f3e5a)
-rw-r--r-- | source3/smbd/trans2.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 394adeeb6f..56d1aae3a2 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -3319,7 +3319,12 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf, { char *pdata = *ppdata; files_struct *fsp = file_fsp(inbuf,smb_vwv15); + + /* check for an invalid fid before proceeding */ + if (!fsp) + return(ERROR_DOS(ERRDOS,ERRbadfid)); + if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) && (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { pdata = Realloc(*ppdata, 32); |