svn commit: samba r21099 - in branches: SAMBA_3_0/source/rpc_server SAMBA_3_0_24/source/rpc_server

[jra at samba.org]

Author: jra
Date: 2007-01-31 20:28:32 +0000 (Wed, 31 Jan 2007)
New Revision: 21099

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21099

Log:
Protect ourselves from null pointer deref. This isn't
the correct fix for the Vista bug, but it needed as
protection against invalid RPC. Thanks to Martin Zielinski <mz at seh.de>
for pointing this out.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
   branches/SAMBA_3_0_24/source/rpc_server/srv_spoolss_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c	2007-01-31 20:05:48 UTC (rev 21098)
+++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c	2007-01-31 20:28:32 UTC (rev 21099)
@@ -5988,6 +5988,12 @@
 		goto done;
 	}
 	
+	if (!secdesc_ctr) {
+		DEBUG(10,("update_printer_sec: secdesc_ctr is NULL !\n"));
+		result = WERR_INVALID_PARAM;
+		goto done;
+	}
+
 	/* Check the user has permissions to change the security
 	   descriptor.  By experimentation with two NT machines, the user
 	   requires Full Access to the printer to change security

Modified: branches/SAMBA_3_0_24/source/rpc_server/srv_spoolss_nt.c
===================================================================
--- branches/SAMBA_3_0_24/source/rpc_server/srv_spoolss_nt.c	2007-01-31 20:05:48 UTC (rev 21098)
+++ branches/SAMBA_3_0_24/source/rpc_server/srv_spoolss_nt.c	2007-01-31 20:28:32 UTC (rev 21099)
@@ -5847,6 +5847,12 @@
 		goto done;
 	}
 	
+	if (!secdesc_ctr) {
+		DEBUG(10,("update_printer_sec: secdesc_ctr is NULL !\n"));
+		result = WERR_INVALID_PARAM;
+		goto done;
+	}
+
 	/* Check the user has permissions to change the security
 	   descriptor.  By experimentation with two NT machines, the user
 	   requires Full Access to the printer to change security