From 456305325ce0d5d7562e0596ead983009de76143 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Tue, 7 Aug 2007 13:10:21 +0000
Subject: r24268: Fix two crashes for spoolss

strlcpy does not like a NULL source. Fix a use-after-free.
(This used to be commit c2a214501788b5f0b6f555bd01ed310d331d07fa)
---
 source3/smbd/connection.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'source3/smbd')

diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index da8bd89e7a..4b807f7b90 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -206,7 +206,7 @@ BOOL register_message_flags(BOOL doreg, uint32 msg_flags)
 		doreg ? "adding" : "removing",
 		(unsigned int)msg_flags ));
 
-	if (!(rec = connections_fetch_entry(NULL, NULL, NULL))) {
+	if (!(rec = connections_fetch_entry(NULL, NULL, ""))) {
 		DEBUG(0, ("connections_fetch_entry failed\n"));
 		return False;
 	}
@@ -225,17 +225,18 @@ BOOL register_message_flags(BOOL doreg, uint32 msg_flags)
 
 	status = rec->store(rec, rec->value, TDB_REPLACE);
 
-	TALLOC_FREE(rec);
-
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0,("register_message_flags: tdb_store failed: %s.\n",
 			 nt_errstr(status)));
+		TALLOC_FREE(rec);
 		return False;
 	}
 
 	DEBUG(10,("register_message_flags: new flags 0x%x\n",
 		(unsigned int)pcrec->bcast_msg_flags ));
 
+	TALLOC_FREE(rec);
+
 	return True;
 }
 
-- 
cgit