summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2002-12-19 22:14:40 +0000
committerJeremy Allison <jra@samba.org>2002-12-19 22:14:40 +0000
commit6d6ee3b227dd71bf72e0b375571573115ddfa61a (patch)
tree006aa16206151e7e734eb7c560f633f90b4fd252
parent41969738a4d5244b73864dd882d214ff8824365b (diff)
downloadsamba-6d6ee3b227dd71bf72e0b375571573115ddfa61a.tar.gz
samba-6d6ee3b227dd71bf72e0b375571573115ddfa61a.tar.bz2
samba-6d6ee3b227dd71bf72e0b375571573115ddfa61a.zip
Protect nmbd against malformed reply packets. Some reports on the lists showing
these. Jeremy. (This used to be commit 4bc49cc943504d1a9a73894f6810bc755ee6e324)
-rw-r--r--source3/nmbd/nmbd_namequery.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/nmbd/nmbd_namequery.c b/source3/nmbd/nmbd_namequery.c
index 7a820a7148..8995e9ac52 100644
--- a/source3/nmbd/nmbd_namequery.c
+++ b/source3/nmbd/nmbd_namequery.c
@@ -81,6 +81,14 @@ static void query_name_response( struct subnet_record *subrec,
}
else
{
+ if (!nmb->answers)
+ {
+ dbgtext( "query_name_response: On subnet %s ", subrec->subnet_name );
+ dbgtext( "IP %s ", inet_ntoa(p->ip) );
+ dbgtext( "returned a success response with no answer\n" );
+ return;
+ }
+
success = True;
putip((char *)&answer_ip,&nmb->answers->rdata[2]);
@@ -102,7 +110,8 @@ static void query_name_response( struct subnet_record *subrec,
{
if( DEBUGLVL( 0 ) )
{
- putip( (char *)&answer_ip, &nmb->answers->rdata[2] );
+ if (nmb->answers)
+ putip( (char *)&answer_ip, &nmb->answers->rdata[2] );
dbgtext( "query_name_response: " );
dbgtext( "Multiple (%d) responses ", rrec->num_msgs );
dbgtext( "received for a query on subnet %s ", subrec->subnet_name );