From 5daacc87b514ec4fe2e50f159a6a422a85a77324 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 8 Sep 2003 20:27:28 +0000 Subject: Protect against core dump if ioctl for print job sends invalid fid. Found by Iskantharajah T . Jeremy. (This used to be commit a9f9dd71da41801c975303a385ff229788c9498a) --- source3/smbd/reply.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/smbd') diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 5f2dd91232..6ac4cffddb 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -348,7 +348,6 @@ int reply_ioctl(connection_struct *conn, uint32 ioctl_code = (device << 16) + function; int replysize, outsize; char *p; - files_struct *fsp = file_fsp(inbuf,smb_vwv0); START_PROFILE(SMBioctl); DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code)); @@ -371,6 +370,11 @@ int reply_ioctl(connection_struct *conn, switch (ioctl_code) { case IOCTL_QUERY_JOB_INFO: { + files_struct *fsp = file_fsp(inbuf,smb_vwv0); + if (!fsp) { + END_PROFILE(SMBioctl); + return(UNIXERROR(ERRDOS,ERRbadfid)); + } SSVAL(p,0,fsp->rap_print_jobid); /* Job number */ srvstr_push(outbuf, p+2, global_myname(), 15, STR_TERMINATE|STR_ASCII); srvstr_push(outbuf, p+18, lp_servicename(SNUM(conn)), 13, STR_TERMINATE|STR_ASCII); -- cgit