svn commit: samba r17864 - in branches: SAMBA_3_0/source/nmbd SAMBA_3_0_23/source/nmbd

jra at samba.org jra at samba.org
Mon Aug 28 02:13:51 GMT 2006


Author: jra
Date: 2006-08-28 02:13:50 +0000 (Mon, 28 Aug 2006)
New Revision: 17864

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17864

Log:
Fix possible null deref if client doesn't give us
an answer record. Found by the Stanford checker.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/nmbd/nmbd_namequery.c
   branches/SAMBA_3_0_23/source/nmbd/nmbd_namequery.c


Changeset:
Modified: branches/SAMBA_3_0/source/nmbd/nmbd_namequery.c
===================================================================
--- branches/SAMBA_3_0/source/nmbd/nmbd_namequery.c	2006-08-28 01:56:17 UTC (rev 17863)
+++ branches/SAMBA_3_0/source/nmbd/nmbd_namequery.c	2006-08-28 02:13:50 UTC (rev 17864)
@@ -59,7 +59,15 @@
   
 			rrec->repeat_count = 0;
 			/* How long we should wait for. */
-			rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+			if (nmb->answers) {
+				rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+			} else {
+				/* No answer - this is probably a corrupt
+				   packet.... */
+				DEBUG(0,("query_name_response: missing answer record in "
+					"NMB_WACK_OPCODE response.\n"));
+				rrec->repeat_time = p->timestamp + 10;
+			}
 			rrec->num_msgs--;
 			return;
 		} else if(nmb->header.rcode != 0) {
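Review bot: The DEBUG(0, ...) call in the new else branch logs at level 0 for a condition the remote sender controls, so a peer that keeps sending NMB_WACK_OPCODE responses without an answer record can produce one log line per packet. Consider a higher debug level for this message, and include which peer sent the packet so the source of the malformed responses can be identified from the log.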

Modified: branches/SAMBA_3_0_23/source/nmbd/nmbd_namequery.c
===================================================================
--- branches/SAMBA_3_0_23/source/nmbd/nmbd_namequery.c	2006-08-28 01:56:17 UTC (rev 17863)
+++ branches/SAMBA_3_0_23/source/nmbd/nmbd_namequery.c	2006-08-28 02:13:50 UTC (rev 17864)
@@ -59,7 +59,15 @@
   
 			rrec->repeat_count = 0;
 			/* How long we should wait for. */
-			rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+			if (nmb->answers) {
+				rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+			} else {
+				/* No answer - this is probably a corrupt
+				   packet.... */
+				DEBUG(0,("query_name_response: missing answer record in "
+					"NMB_WACK_OPCODE response.\n"));
+				rrec->repeat_time = p->timestamp + 10;
+			}
 			rrec->num_msgs--;
 			return;
 		} else if(nmb->header.rcode != 0) {
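Review bot: The fallback `rrec->repeat_time = p->timestamp + 10;` in the else branch uses a bare 10 with no explanation of why that wait was chosen; a named constant or a short comment would document it. In the if branch, nmb->answers->ttl is still taken from the packet and added to the timestamp without any bound, so it may be worth clamping that value in the same change.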


