From c38fb0b106b62e42a5b75b1c78386bb8912c7d7e Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 18 Jan 2013 18:04:17 +0100 Subject: BUG 9574: Fix a possible null pointer dereference in spoolss. If the the client enumerates the printers and didn't specify a servername we have a null pointer dereference, so the process serving the connection crashes. Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104 --- source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index ef854b1c08..9df0b8ab32 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -4466,7 +4466,8 @@ static WERROR enum_all_printers_info_1_network(TALLOC_CTX *mem_ctx, listed. Windows responds to this call with a WERR_CAN_NOT_COMPLETE so we should do the same. */ - if (servername[0] == '\\' && servername[1] == '\\') { + if (servername != NULL && + (servername[0] == '\\') && (servername[1] == '\\')) { s = servername + 2; } -- cgit