[SCM] Samba Shared Repository - branch master updated - 53c41661bd9692c7bdba04b7de6adc3887ab529f

Stefan Metzmacher metze at samba.org
Mon Dec 8 14:52:08 GMT 2008 

The branch, master has been updated
       via  53c41661bd9692c7bdba04b7de6adc3887ab529f (commit)
      from  26200f4fb1db81be7a9da51f317e46405351b170 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 53c41661bd9692c7bdba04b7de6adc3887ab529f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 8 15:51:01 2008 +0100

    s4:rpc_server: fix crash bugs in 26200f4fb1db81be7a9da51f317e46405351b170
    
    call->context needs to be valid.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source4/rpc_server/dcerpc_server.c |   20 +++++++++++++-------
 1 files changed, 13 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 533dd16..063e3ff 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -793,12 +793,14 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
 	context_id = call->pkt.u.alter.ctx_list[0].context_id;
 
 	/* see if they are asking for a new interface */
-	if (result == 0 &&
-	    dcesrv_find_context(call->conn, context_id) == NULL) {
-		status = dcesrv_alter_new_context(call, context_id);
-		if (!NT_STATUS_IS_OK(status)) {
-			result = DCERPC_BIND_PROVIDER_REJECT;
-			reason = DCERPC_BIND_REASON_ASYNTAX;		
+	if (result == 0) {
+		call->context = dcesrv_find_context(call->conn, context_id);
+		if (!call->context) {
+			status = dcesrv_alter_new_context(call, context_id);
+			if (!NT_STATUS_IS_OK(status)) {
+				result = DCERPC_BIND_PROVIDER_REJECT;
+				reason = DCERPC_BIND_REASON_ASYNTAX;
+			}
 		}
 	}
 
@@ -819,7 +821,11 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
 	pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
 	pkt.u.alter_resp.max_xmit_frag = 0x2000;
 	pkt.u.alter_resp.max_recv_frag = 0x2000;
-	pkt.u.alter_resp.assoc_group_id = call->context->assoc_group_id;
+	if (result == 0) {
+		pkt.u.alter_resp.assoc_group_id = call->context->assoc_group_id;
+	} else {
+		pkt.u.alter_resp.assoc_group_id = 0;
+	}
 	pkt.u.alter_resp.num_results = 1;
 	pkt.u.alter_resp.ctx_list = talloc_array(call, struct dcerpc_ack_ctx, 1);
 	if (!pkt.u.alter_resp.ctx_list) {


-- 
Samba Shared Repository

More information about the samba-cvs mailing list