diff options
author | Jeremy Allison <jra@samba.org> | 2003-09-08 20:27:28 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-09-08 20:27:28 +0000 |
commit | 5daacc87b514ec4fe2e50f159a6a422a85a77324 (patch) | |
tree | e271bdcb977408c5a1c7edee183883a1c296f304 /source3/smbd | |
parent | 5304cdb771a8498a0a64e9e2c2743d003b92749b (diff) | |
download | samba-5daacc87b514ec4fe2e50f159a6a422a85a77324.tar.gz samba-5daacc87b514ec4fe2e50f159a6a422a85a77324.tar.bz2 samba-5daacc87b514ec4fe2e50f159a6a422a85a77324.zip |
Protect against core dump if ioctl for print job sends invalid fid. Found
by Iskantharajah T <is@tracetec.com.my>.
Jeremy.
(This used to be commit a9f9dd71da41801c975303a385ff229788c9498a)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/reply.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 5f2dd91232..6ac4cffddb 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -348,7 +348,6 @@ int reply_ioctl(connection_struct *conn, uint32 ioctl_code = (device << 16) + function; int replysize, outsize; char *p; - files_struct *fsp = file_fsp(inbuf,smb_vwv0); START_PROFILE(SMBioctl); DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code)); @@ -371,6 +370,11 @@ int reply_ioctl(connection_struct *conn, switch (ioctl_code) { case IOCTL_QUERY_JOB_INFO: { + files_struct *fsp = file_fsp(inbuf,smb_vwv0); + if (!fsp) { + END_PROFILE(SMBioctl); + return(UNIXERROR(ERRDOS,ERRbadfid)); + } SSVAL(p,0,fsp->rap_print_jobid); /* Job number */ srvstr_push(outbuf, p+2, global_myname(), 15, STR_TERMINATE|STR_ASCII); srvstr_push(outbuf, p+18, lp_servicename(SNUM(conn)), 13, STR_TERMINATE|STR_ASCII); |