summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2002-12-19 22:14:53 +0000
committerJeremy Allison <jra@samba.org>2002-12-19 22:14:53 +0000
commit574c676c94eb3c9eb3b96e94a17bc4313eee7754 (patch)
treeed335c63abbe4912209e665e990e30e63ab43410
parentc52a34693d8bb007b246a365aa1ca7502156d9d2 (diff)
downloadsamba-574c676c94eb3c9eb3b96e94a17bc4313eee7754.tar.gz
samba-574c676c94eb3c9eb3b96e94a17bc4313eee7754.tar.bz2
samba-574c676c94eb3c9eb3b96e94a17bc4313eee7754.zip
Protect nmbd against malformed reply packets. Some reports on the lists showing
these. Jeremy. (This used to be commit 65d5bf65c439aee1450e330a9f2bd829d9b2c2d0)
-rw-r--r--source3/nmbd/nmbd_namequery.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/nmbd/nmbd_namequery.c b/source3/nmbd/nmbd_namequery.c
index 7a820a7148..8995e9ac52 100644
--- a/source3/nmbd/nmbd_namequery.c
+++ b/source3/nmbd/nmbd_namequery.c
@@ -81,6 +81,14 @@ static void query_name_response( struct subnet_record *subrec,
}
else
{
+ if (!nmb->answers)
+ {
+ dbgtext( "query_name_response: On subnet %s ", subrec->subnet_name );
+ dbgtext( "IP %s ", inet_ntoa(p->ip) );
+ dbgtext( "returned a success response with no answer\n" );
+ return;
+ }
+
success = True;
putip((char *)&answer_ip,&nmb->answers->rdata[2]);
@@ -102,7 +110,8 @@ static void query_name_response( struct subnet_record *subrec,
{
if( DEBUGLVL( 0 ) )
{
- putip( (char *)&answer_ip, &nmb->answers->rdata[2] );
+ if (nmb->answers)
+ putip( (char *)&answer_ip, &nmb->answers->rdata[2] );
dbgtext( "query_name_response: " );
dbgtext( "Multiple (%d) responses ", rrec->num_msgs );
dbgtext( "received for a query on subnet %s ", subrec->subnet_name );