Protect against core dump if ioctl for print job sends invalid fid. Found

by Iskantharajah T <is@tracetec.com.my>.
Jeremy.
(This used to be commit a9f9dd71da41801c975303a385ff229788c9498a)

1 files changed, 5 insertions, 1 deletions

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 5f2dd91232..6ac4cffddb 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -348,7 +348,6 @@ int reply_ioctl(connection_struct *conn,
 	uint32 ioctl_code = (device << 16) + function;
 	int replysize, outsize;
 	char *p;
-	files_struct *fsp = file_fsp(inbuf,smb_vwv0);
 	START_PROFILE(SMBioctl);
 
 	DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
@@ -371,6 +370,11 @@ int reply_ioctl(connection_struct *conn,
 	switch (ioctl_code) {
 		case IOCTL_QUERY_JOB_INFO:		    
 		{
+			files_struct *fsp = file_fsp(inbuf,smb_vwv0);
+			if (!fsp) {
+				END_PROFILE(SMBioctl);
+				return(UNIXERROR(ERRDOS,ERRbadfid));
+			}
 			SSVAL(p,0,fsp->rap_print_jobid);             /* Job number */
 			srvstr_push(outbuf, p+2, global_myname(), 15, STR_TERMINATE|STR_ASCII);
 			srvstr_push(outbuf, p+18, lp_servicename(SNUM(conn)), 13, STR_TERMINATE|STR_ASCII);