svn commit: samba r17899 - in branches: SAMBA_3_0/source/libads SAMBA_3_0_23/source/libads

jra at samba.org jra at samba.org
Tue Aug 29 00:53:29 GMT 2006 

Author: jra
Date: 2006-08-29 00:53:28 +0000 (Tue, 29 Aug 2006)
New Revision: 17899

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17899

Log:
Fix Stanford checker bug - possible null deref.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libads/sasl.c
   branches/SAMBA_3_0_23/source/libads/sasl.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_0/source/libads/sasl.c	2006-08-28 23:30:43 UTC (rev 17898)
+++ branches/SAMBA_3_0/source/libads/sasl.c	2006-08-29 00:53:28 UTC (rev 17899)
@@ -276,7 +276,7 @@
 	int i=0;
 	int gss_rc, rc;
 	uint8 *p;
-	uint32 max_msg_size;
+	uint32 max_msg_size = 0;
 	char *sname;
 	ADS_STATUS status;
 	krb5_principal principal;
@@ -389,8 +389,11 @@
 #if 0
 	file_save("sasl_gssapi.dat", output_token.value, output_token.length);
 #endif
-	max_msg_size = (p[1]<<16) | (p[2]<<8) | p[3];
 
+	if (p) {
+		max_msg_size = (p[1]<<16) | (p[2]<<8) | p[3];
+	}
+
 	gss_release_buffer(&minor_status, &output_token);
 
 	output_token.value = SMB_MALLOC(strlen(ads->config.bind_path) + 8);

Modified: branches/SAMBA_3_0_23/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_0_23/source/libads/sasl.c	2006-08-28 23:30:43 UTC (rev 17898)
+++ branches/SAMBA_3_0_23/source/libads/sasl.c	2006-08-29 00:53:28 UTC (rev 17899)
@@ -276,9 +276,8 @@
 	int i=0;
 	int gss_rc, rc;
 	uint8 *p;
-	uint32 max_msg_size;
+	uint32 max_msg_size = 0;
 	char *sname;
-	unsigned sec_layer;
 	ADS_STATUS status;
 	krb5_principal principal;
 	krb5_context ctx = NULL;
@@ -390,8 +389,9 @@
 #if 0
 	file_save("sasl_gssapi.dat", output_token.value, output_token.length);
 #endif
-	max_msg_size = (p[1]<<16) | (p[2]<<8) | p[3];
-	sec_layer = *p;
+	if (p) {
+		max_msg_size = (p[1]<<16) | (p[2]<<8) | p[3];
+	}
 
 	gss_release_buffer(&minor_status, &output_token);

More information about the samba-cvs mailing list