summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-10-25 15:19:02 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-11-02 11:22:31 -0400
commita52eb1f0635282a7851b2f2b23a4d6a26eab37ce (patch)
tree72a501febdeb2b7e073945e02c6b94c828b8ca0b
parent1bbd4c57fc31cec302244725e698413623818d19 (diff)
downloadsssd-a52eb1f0635282a7851b2f2b23a4d6a26eab37ce.tar.gz
sssd-a52eb1f0635282a7851b2f2b23a4d6a26eab37ce.tar.bz2
sssd-a52eb1f0635282a7851b2f2b23a4d6a26eab37ce.zip
RESPONDER: Fix segfault in sss_packet_send()
There are several places (all error-handling) where sss_cmd_done() is called with no response packet created. As a short-term solution, we need to check whether the packet is NULL and simply return EINVAL. client_send() (the consumer) will then forcibly disconnect the client (which will return PAM_SYSTEM_ERR to the client).
-rw-r--r--src/responder/common/responder_packet.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/responder/common/responder_packet.c b/src/responder/common/responder_packet.c
index d308ecd4..5132d955 100644
--- a/src/responder/common/responder_packet.c
+++ b/src/responder/common/responder_packet.c
@@ -217,6 +217,11 @@ int sss_packet_send(struct sss_packet *packet, int fd)
size_t len;
void *buf;
+ if (!packet) {
+ /* No packet object to write to? */
+ return EINVAL;
+ }
+
buf = packet->buffer + packet->iop;
len = *packet->len - packet->iop;