RESPONDER: Fix segfault in sss_packet_send()sssd-1.5.1-62.el6

There are several places (all error-handling) where sss_cmd_done() is called with no response packet created. As a short-term solution, we need to check whether the packet is NULL and simply return EINVAL. client_send() (the consumer) will then forcibly disconnect the client (which will return PAM_SYSTEM_ERR to the client).
author: Stephen Gallagher <sgallagh@redhat.com> 2011-10-25 15:19:02 -0400
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-10-25 15:19:02 -0400
commit: 6ca47b3aad137b05e356d9c7bf790de169cc313e (patch)
tree: 549b7ec45a68efa3e56b03559a8fd5e24413b692
parent: 536f81b121b8384ecde49813b49f529bf7219c85 (diff)
download: sssd-6ca47b3aad137b05e356d9c7bf790de169cc313e.tar.gz
sssd-6ca47b3aad137b05e356d9c7bf790de169cc313e.tar.xz
sssd-6ca47b3aad137b05e356d9c7bf790de169cc313e.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/responder/common/responder_packet.c b/src/responder/common/responder_packet.c
index d308ecd43..5132d955b 100644
--- a/src/responder/common/responder_packet.c
+++ b/src/responder/common/responder_packet.c
@@ -217,6 +217,11 @@ int sss_packet_send(struct sss_packet *packet, int fd)
     size_t len;
     void *buf;
 
+    if (!packet) {
+        /* No packet object to write to? */
+        return EINVAL;
+    }
+
     buf = packet->buffer + packet->iop;
     len = *packet->len - packet->iop;
author	Stephen Gallagher <sgallagh@redhat.com>	2011-10-25 15:19:02 -0400
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-10-25 15:19:02 -0400
commit	6ca47b3aad137b05e356d9c7bf790de169cc313e (patch)
tree	549b7ec45a68efa3e56b03559a8fd5e24413b692
parent	536f81b121b8384ecde49813b49f529bf7219c85 (diff)
download	sssd-6ca47b3aad137b05e356d9c7bf790de169cc313e.tar.gz sssd-6ca47b3aad137b05e356d9c7bf790de169cc313e.tar.xz sssd-6ca47b3aad137b05e356d9c7bf790de169cc313e.zip