[SCM] Samba Shared Repository - branch v3-6-test updated

Tue, 22 Jan 2013 03:01:18 -0800 

The branch, v3-6-test has been updated
       via  a2d6884 BUG 9574: Fix a possible null pointer dereference in 
spoolss.
       via  43810c8 s3-rpc_server: Fix a possible null pointer dereference.
      from  cd9c1a0 samr: Make use of posix_openpt

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit a2d68842ea33733fa7900831ed10e73f820afcf7
Author: Andreas Schneider <[email protected]>
Date:   Fri Jan 18 18:04:17 2013 +0100

    BUG 9574: Fix a possible null pointer dereference in spoolss.
    
    If the the client enumerates the printers and didn't specify a
    servername we have a null pointer dereference, so the process serving
    the connection crashes.
    
    Reviewed-by: David Disseldorp <[email protected]>
    
    Autobuild-User(master): David Disseldorp <[email protected]>
    Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
    (cherry picked from commit c38fb0b106b62e42a5b75b1c78386bb8912c7d7e)

commit 43810c80936c8f509cc2adba6193dd4c55325875
Author: Andreas Schneider <[email protected]>
Date:   Mon Dec 17 15:31:21 2012 +0100

    s3-rpc_server: Fix a possible null pointer dereference.
    
    This variable can be set to NULL in an earlier function call.
    
    Found by Coverity.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Günther Deschner <[email protected]>
    (cherry picked from commit 72e02c73b64f1ff56b2d53ec63d68486a4f1ff90)

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/spoolss/srv_spoolss_nt.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c 
b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index b5949e4..a5579c2 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -4442,7 +4442,8 @@ static WERROR enum_all_printers_info_1_name(TALLOC_CTX 
*mem_ctx,
 
        DEBUG(4,("enum_all_printers_info_1_name\n"));
 
-       if ((servername[0] == '\\') && (servername[1] == '\\')) {
+       if (servername != NULL &&
+           (servername[0] == '\\') && (servername[1] == '\\')) {
                s = servername + 2;
        }
 
@@ -4477,7 +4478,8 @@ static WERROR enum_all_printers_info_1_network(TALLOC_CTX 
*mem_ctx,
           listed. Windows responds to this call with a
           WERR_CAN_NOT_COMPLETE so we should do the same. */
 
-       if (servername[0] == '\\' && servername[1] == '\\') {
+       if (servername != NULL &&
+           (servername[0] == '\\') && (servername[1] == '\\')) {
                 s = servername + 2;
        }
 


-- 
Samba Shared Repository

Reply via email to