The branch, master has been updated
via 5b19288949e s3:params:lp_do_section - protect against NULL deref
from 57ff5a33e9f s4:torture: Fix stack variable used out of scope in
test_devicemode_full()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5b19288949e97a5af742ff2719992d56f21e364a
Author: Andrew Walker <awal...@ixsystems.com>
Date: Mon Dec 19 08:17:47 2022 -0500
s3:params:lp_do_section - protect against NULL deref
iServiceIndex may indicate an empty slot in the ServicePtrs
array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex])
may trigger a NULL deref and crash. Skipping the check
here will cause a scan of the array in add_a_service() and the
NULL slot will be used safely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267
Signed-off-by: Andrew Walker <awal...@ixsystems.com>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/param/loadparm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index ad24ae7e9e7..56a8bc2d28b 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -2886,7 +2886,7 @@ bool lp_do_section(const char *pszSectionName, void
*userdata)
/* if we have a current service, tidy it up before moving on */
bRetval = true;
- if (iServiceIndex >= 0)
+ if ((iServiceIndex >= 0) && (ServicePtrs[iServiceIndex] != NULL))
bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
/* if all is still well, move to the next record in the services array
*/
--
Samba Shared Repository
