From 273479391f0c6e008c1e01a7f3ffa2de1862b9fd Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 17 Sep 2003 19:36:38 +0000
Subject: Fix coredump from Samba4 torture suite. Jeremy. (This used to be
 commit 9c1bab944526270d2ad79c75894c33f58f8e3845)

---
 source3/smbd/files.c   | 2 ++
 source3/smbd/nttrans.c | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 1fe6f250e5..80544c9a30 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -405,6 +405,8 @@ files_struct *file_fsp(char *buf, int where)
 	if (chain_fsp)
 		return chain_fsp;
 
+	if (!buf)
+		return NULL;
 	fnum = SVAL(buf, where);
 
 	for (fsp=Files;fsp;fsp=fsp->next, count++) {
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index f8bd3ae15f..1c50744947 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1472,6 +1472,9 @@ static int call_nt_transact_notify_change(connection_struct *conn, char *inbuf,
 	files_struct *fsp;
 	uint32 flags;
 
+        if(setup_count < 6)
+		return ERROR_DOS(ERRDOS,ERRbadfunc);
+
 	fsp = file_fsp(setup,4);
 	flags = IVAL(setup, 0);
 
-- 
cgit