[SCM] Samba Shared Repository - branch master updated

[Andreas Schneider]

On Wednesday 19 January 2011 23:24:28 Jeremy Allison wrote:
> On Wed, Jan 19, 2011 at 11:11:01PM +0100, Andreas Schneider wrote:
> > commit 7a97518e12054e1f84236501322b756c5c09d7dd
> > Author: Andreas Schneider <asn at samba.org>
> > Date:   Wed Jan 19 16:22:28 2011 +0100
> > 
> >     s3-smbd: Fixed a possible null pointer dereference.
> > 
> > index dd6af6d..b573a6c 100644
> > --- a/source3/smbd/uid.c
> > +++ b/source3/smbd/uid.c
> > @@ -229,7 +229,7 @@ void conn_clear_vuid_cache(connection_struct *conn,
> > uint16_t vuid)
> > 
> >  bool change_to_user(connection_struct *conn, uint16 vuid)
> >  {
> >  
> >  	const struct auth_serversupplied_info *server_info = NULL;
> > 
> > -	user_struct *vuser = get_valid_user_struct(conn->sconn, vuid);
> > +	user_struct *vuser;
> > 
> >  	int snum;
> >  	gid_t gid;
> >  	uid_t uid;
> > 
> > @@ -242,6 +242,8 @@ bool change_to_user(connection_struct *conn, uint16
> > vuid)
> > 
> >  		return(False);
> >  	
> >  	}
> > 
> > +	vuser = get_valid_user_struct(conn->sconn, vuid);
> > +
> > 
> >  	/*
> >  	
> >  	 * We need a separate check in security=share mode due to vuid
> >  	 * always being UID_FIELD_INVALID. If we don't do this then
> 
> Andreas, can you please explain this commit *exactly*.
> 
> How does leaving vuser undefined fix this ?
> 
> Jeremy.

Hi Jeremy,

you should look at the patch with 'git show -U20 7a97518e'

before it was like this:

user_sruct *vuser = get_valid_user_struct(conn->sconn, vuid);
if (!conn) {
	return;
}

with the patch it looks like this:

user_sruct vuser;

if (!conn) {
	return;
}

vuser = get_valid_user_struct(conn->sconn, vuid);

So we first check if conn is a valid pointer before dereferencing it.


Cheers,

	-- andreas