svn commit: samba r17864 - in branches: SAMBA_3_0/source/nmbd
SAMBA_3_0_23/source/nmbd
jra at samba.org
jra at samba.org
Mon Aug 28 02:13:51 GMT 2006
Author: jra
Date: 2006-08-28 02:13:50 +0000 (Mon, 28 Aug 2006)
New Revision: 17864
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17864
Log:
Fix possible null deref if client doesn't give us
an answer record. Found by the Stanford checker.
Jeremy.
Modified:
branches/SAMBA_3_0/source/nmbd/nmbd_namequery.c
branches/SAMBA_3_0_23/source/nmbd/nmbd_namequery.c
Changeset:
Modified: branches/SAMBA_3_0/source/nmbd/nmbd_namequery.c
===================================================================
--- branches/SAMBA_3_0/source/nmbd/nmbd_namequery.c 2006-08-28 01:56:17 UTC (rev 17863)
+++ branches/SAMBA_3_0/source/nmbd/nmbd_namequery.c 2006-08-28 02:13:50 UTC (rev 17864)
@@ -59,7 +59,15 @@
rrec->repeat_count = 0;
/* How long we should wait for. */
- rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+ if (nmb->answers) {
+ rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+ } else {
+ /* No answer - this is probably a corrupt
+ packet.... */
+ DEBUG(0,("query_name_response: missing answer record in "
+ "NMB_WACK_OPCODE response.\n"));
+ rrec->repeat_time = p->timestamp + 10;
+ }
rrec->num_msgs--;
return;
} else if(nmb->header.rcode != 0) {
Modified: branches/SAMBA_3_0_23/source/nmbd/nmbd_namequery.c
===================================================================
--- branches/SAMBA_3_0_23/source/nmbd/nmbd_namequery.c 2006-08-28 01:56:17 UTC (rev 17863)
+++ branches/SAMBA_3_0_23/source/nmbd/nmbd_namequery.c 2006-08-28 02:13:50 UTC (rev 17864)
@@ -59,7 +59,15 @@
rrec->repeat_count = 0;
/* How long we should wait for. */
- rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+ if (nmb->answers) {
+ rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+ } else {
+ /* No answer - this is probably a corrupt
+ packet.... */
+ DEBUG(0,("query_name_response: missing answer record in "
+ "NMB_WACK_OPCODE response.\n"));
+ rrec->repeat_time = p->timestamp + 10;
+ }
rrec->num_msgs--;
return;
} else if(nmb->header.rcode != 0) {
More information about the samba-cvs
mailing list