3 files changed, 25 insertions, 4 deletions

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 298f4d1b54..e564bc4295 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -652,9 +652,12 @@ BOOL cli_resolve_path( const char *mountpt, struct cli_state *rootcli, const cha
 
 	fullpath[consumed/2] = '\0';
 	dos_clean_name( fullpath );
-	ppath = strchr_m( fullpath, '\\' );
-	ppath = strchr_m( ppath+1, '\\' );
-	ppath = strchr_m( ppath+1, '\\' );
+	if ((ppath = strchr_m( fullpath, '\\' )) == NULL)
+		return False;
+	if ((ppath = strchr_m( ppath+1, '\\' )) == NULL)
+		return False;
+	if ((ppath = strchr_m( ppath+1, '\\' )) == NULL)
+		return False;
 	ppath++;
 	
 	pstr_sprintf( newmount, "%s\\%s", mountpt, ppath );
diff --git a/source3/libsmb/libsmb_compat.c b/source3/libsmb/libsmb_compat.c
index 5699e153bb..cfd5948e26 100644
--- a/source3/libsmb/libsmb_compat.c
+++ b/source3/libsmb/libsmb_compat.c
@@ -341,6 +341,10 @@ int smbc_fsetxattr(int fd,
                    int flags)
 {
 	SMBCFILE * file = find_fd(fd);
+	if (file == NULL) {
+		errno = EBADF;
+		return -1;
+	}
         return statcont->setxattr(statcont, file->fname,
                                   name, value, size, flags);
 }
@@ -367,6 +371,10 @@ int smbc_fgetxattr(int fd,
                    size_t size)
 {
 	SMBCFILE * file = find_fd(fd);
+	if (file == NULL) {
+		errno = EBADF;
+		return -1;
+	}
         return statcont->getxattr(statcont, file->fname, name, value, size);
 }
 
@@ -386,6 +394,10 @@ int smbc_fremovexattr(int fd,
                       const char *name)
 {
 	SMBCFILE * file = find_fd(fd);
+	if (file == NULL) {
+		errno = EBADF;
+		return -1;
+	}
         return statcont->removexattr(statcont, file->fname, name);
 }
 
@@ -408,6 +420,10 @@ int smbc_flistxattr(int fd,
                     size_t size)
 {
 	SMBCFILE * file = find_fd(fd);
+	if (file == NULL) {
+		errno = EBADF;
+		return -1;
+	}
         return statcont->listxattr(statcont, file->fname, list, size);
 }
 
diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c
index 4ea0ab6eb6..98264dfa86 100644
--- a/source3/libsmb/libsmbclient.c
+++ b/source3/libsmb/libsmbclient.c
@@ -3932,7 +3932,9 @@ add_ace(SEC_ACL **the_acl,
 		return True;
 	}
 
-	aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces);
+	if ((aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces)) == NULL) {
+		return False;
+	}
 	memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
 	memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
 	newacl = make_sec_acl(ctx, (*the_acl)->revision,