From 6ca47b3aad137b05e356d9c7bf790de169cc313e Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 25 Oct 2011 15:19:02 -0400
Subject: RESPONDER: Fix segfault in sss_packet_send()

There are several places (all error-handling) where sss_cmd_done()
is called with no response packet created. As a short-term
solution, we need to check whether the packet is NULL and simply
return EINVAL. client_send() (the consumer) will then forcibly
disconnect the client (which will return PAM_SYSTEM_ERR to the
client).
---
 src/responder/common/responder_packet.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/responder/common/responder_packet.c b/src/responder/common/responder_packet.c
index d308ecd43..5132d955b 100644
--- a/src/responder/common/responder_packet.c
+++ b/src/responder/common/responder_packet.c
@@ -217,6 +217,11 @@ int sss_packet_send(struct sss_packet *packet, int fd)
     size_t len;
     void *buf;
 
+    if (!packet) {
+        /* No packet object to write to? */
+        return EINVAL;
+    }
+
     buf = packet->buffer + packet->iop;
     len = *packet->len - packet->iop;
 
-- 
cgit