From d18b7b1223a3f9f7584e6d0913fa588a2bc5a1f3 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Mon, 6 Aug 2007 21:03:03 +0000
Subject: r24254: Fix a segfault in r24102

The really pure bugfix would have replaced pparam by *pparam, but we pulled
the fid anyway.

Metze, in line 2421 the FSP_BELONGS_CONN is commented out, is that intended?
The FSCTL_CREATE_OR_GET_OBJECT_ID ioctl did not have it.

Volker
(This used to be commit 2c1376225b98a9325dfc2d00bad1722e63cf522b)
---
 source3/smbd/nttrans.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 487d523670..0008747473 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2415,7 +2415,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou
 	DEBUG(10,("call_nt_transact_ioctl: function[0x%08X] FID[0x%04X] isFSctl[0x%02X] compfilter[0x%02X]\n", 
 		 function, fidnum, isFSctl, compfilter));
 
-	fsp=file_fsp(SVAL(ppsetup, 4));
+	fsp=file_fsp(fidnum);
 	/* this check is done in each implemented function case for now
 	   because I don't want to break anything... --metze
 	FSP_BELONGS_CONN(fsp,conn);*/
@@ -2441,6 +2441,8 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou
 
 		DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fidnum));
 
+		FSP_BELONGS_CONN(fsp, conn);
+
 		data_count = 64;
 		pdata = nttrans_realloc(ppdata, data_count);
 		if (pdata == NULL) {
-- 
cgit