[PATCH] smbd: Prevent a crash

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Mar 10 15:47:03 UTC 2016


Hi!

Review appreciated!

Thanks, Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From d798b6132e2e7271326212bfff3a3a6b48a95cb2 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 10 Mar 2016 08:54:54 +0100
Subject: [PATCH] smbd: Prevent a crash

smb2srv_session_close_previous_check crashes if
ndr_pull_smbXsrv_session_globalB fails for some reason. It depends on "is_free"
to be correctly set. All we can do for an invalid database is to discard the
record and set it free.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/smbd/smbXsrv_session.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c
index a5aee8c..cdad47f 100644
--- a/source3/smbd/smbXsrv_session.c
+++ b/source3/smbd/smbXsrv_session.c
@@ -833,6 +833,10 @@ static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
 			 hex_encode_talloc(frame, key.dptr, key.dsize),
 			 nt_errstr(status)));
 		TALLOC_FREE(frame);
+		*is_free = true;
+		if (was_free) {
+			*was_free = true;
+		}
 		return;
 	}
 
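Review bot: The added `*is_free = true;` in this error path writes through `is_free` unconditionally, while `was_free` is NULL-checked on the next line. If `is_free` is a mandatory out-parameter, a short comment saying so would explain the asymmetry. If any caller may pass NULL, it needs the same guard as `was_free`. The commit message also speaks of discarding the record, but these lines only set the flags. A comment here noting that reporting the record as free is what makes the caller discard it would help the next reader.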
@@ -848,6 +852,10 @@ static void smbXsrv_session_global_verify_record(struct db_record *db_rec,
 			 global_blob.version));
 		NDR_PRINT_DEBUG(smbXsrv_session_globalB, &global_blob);
 		TALLOC_FREE(frame);
+		*is_free = true;
+		if (was_free) {
+			*was_free = true;
+		}
 		return;
 	}
 
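Review bot: The four lines added after `TALLOC_FREE(frame);` repeat the block in the previous error path verbatim. A shared exit label or a small helper would keep the two paths in sync and make it harder for a later early return to forget the flags. This path is also the version check, reached after the blob was printed with `NDR_PRINT_DEBUG`, so a record was present and parsed. Please confirm, in a comment or in the commit message, that `*was_free = true` is the intended answer for that case and not just `*is_free = true`.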
-- 
1.9.1


