From 53aa069b97070c73b782e2868b9b9686abe353cc Mon Sep 17 00:00:00 2001
From: Björn Baumbach <bb@sernet.de>
Date: Fri, 5 Jul 2013 13:19:59 +0200
Subject: s3-lib: fix segf while reading incomplete session info (bug #10003)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 source3/lib/conn_tdb.c      |  9 +++++++--
 source3/lib/sessionid_tdb.c | 15 ++++++++++-----
 2 files changed, 17 insertions(+), 7 deletions(-)

(limited to 'source3/lib')

diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index a7e7cf02eb..bb7618f0d4 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -53,8 +53,13 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
 	uint32_t id = global->session_global_id;
 	struct connections_forall_session sess;
 
-	sess.uid = global->auth_session_info->unix_token->uid;
-	sess.gid = global->auth_session_info->unix_token->gid;
+	if (global->auth_session_info == NULL) {
+		sess.uid = -1;
+		sess.gid = -1;
+	} else {
+		sess.uid = global->auth_session_info->unix_token->uid;
+		sess.gid = global->auth_session_info->unix_token->gid;
+	}
 	strncpy(sess.machine, global->channels[0].remote_name, sizeof(sess.machine));
 	strncpy(sess.addr, global->channels[0].remote_address, sizeof(sess.addr));
 
diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c
index 045b3d2f2d..7a19611941 100644
--- a/source3/lib/sessionid_tdb.c
+++ b/source3/lib/sessionid_tdb.c
@@ -38,16 +38,21 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
 		(struct sessionid_traverse_read_state *)private_data;
 	struct auth_session_info *session_info = global->auth_session_info;
 	struct sessionid session = {
-		.uid = session_info->unix_token->uid,
-		.gid = session_info->unix_token->gid,
+		.uid = -1,
+		.gid = -1,
 		.id_num = global->session_global_id,
 		.connect_start = nt_time_to_unix(global->creation_time),
 		.pid = global->channels[0].server_id,
 	};
 
-	strncpy(session.username,
-		session_info->unix_info->unix_name,
-		sizeof(fstring)-1);
+	if (session_info != NULL) {
+		session.uid = session_info->unix_token->uid;
+		session.gid = session_info->unix_token->gid;
+		strncpy(session.username,
+			session_info->unix_info->unix_name,
+			sizeof(fstring)-1);
+	}
+
 	strncpy(session.remote_machine,
 		global->channels[0].remote_name,
 		sizeof(fstring)-1);
-- 
cgit