diff options
author | Gerald Carter <jerry@samba.org> | 2006-08-29 16:07:10 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2006-08-29 16:07:10 +0000 |
commit | a0f6d47db31c0e894ae86ca0d05f677382acdae0 (patch) | |
tree | 10b8ac98a8b64e86c3e789ef0b95044d5b71248f | |
parent | c60dbeb1c90b45a6affd1de1661ab001fc6ca4bb (diff) | |
download | samba-a0f6d47db31c0e894ae86ca0d05f677382acdae0.tar.gz samba-a0f6d47db31c0e894ae86ca0d05f677382acdae0.tar.xz samba-a0f6d47db31c0e894ae86ca0d05f677382acdae0.zip |
r17918: * NULL deref fixes
* time fixes for tortore
* nmbd crash fix
-rw-r--r-- | source/nmbd/nmbd_namequery.c | 10 | ||||
-rw-r--r-- | source/rpc_parse/parse_samr.c | 3 | ||||
-rw-r--r-- | source/rpc_server/srv_srvsvc_nt.c | 4 | ||||
-rw-r--r-- | source/torture/torture.c | 12 | ||||
-rw-r--r-- | source/utils/ntlm_auth.c | 1 | ||||
-rw-r--r-- | source/web/cgi.c | 5 |
6 files changed, 22 insertions, 13 deletions
diff --git a/source/nmbd/nmbd_namequery.c b/source/nmbd/nmbd_namequery.c index 1b07852f111..2c1cd130345 100644 --- a/source/nmbd/nmbd_namequery.c +++ b/source/nmbd/nmbd_namequery.c @@ -59,7 +59,15 @@ static void query_name_response( struct subnet_record *subrec, rrec->repeat_count = 0; /* How long we should wait for. */ - rrec->repeat_time = p->timestamp + nmb->answers->ttl; + if (nmb->answers) { + rrec->repeat_time = p->timestamp + nmb->answers->ttl; + } else { + /* No answer - this is probably a corrupt + packet.... */ + DEBUG(0,("query_name_response: missing answer record in " + "NMB_WACK_OPCODE response.\n")); + rrec->repeat_time = p->timestamp + 10; + } rrec->num_msgs--; return; } else if(nmb->header.rcode != 0) { diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 9026d503c30..0bde3da26c8 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -6895,8 +6895,7 @@ void init_samr_q_set_userinfo2(SAMR_Q_SET_USERINFO2 * q_u, q_u->switch_value = switch_value; q_u->ctr = ctr; - if (q_u->ctr != NULL) - q_u->ctr->switch_value = switch_value; + q_u->ctr->switch_value = switch_value; switch (switch_value) { case 18: diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c index a936ef58709..9cce7159674 100644 --- a/source/rpc_server/srv_srvsvc_nt.c +++ b/source/rpc_server/srv_srvsvc_nt.c @@ -653,7 +653,9 @@ static void init_srv_sess_info_0(SRV_SESS_INFO_0 *ss0, uint32 *snum, uint32 *sto (*stot) = list_sessions(&session_list); if (ss0 == NULL) { - (*snum) = 0; + if (snum) { + (*snum) = 0; + } SAFE_FREE(session_list); return; } diff --git a/source/torture/torture.c b/source/torture/torture.c index 0b3bfc18f4a..a8a8e847fbb 100644 --- a/source/torture/torture.c +++ b/source/torture/torture.c @@ -2433,8 +2433,8 @@ static BOOL run_trans2test(int dummy) fnum = cli_open(cli, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); cli_close(cli, fnum); - if (!cli_qpathinfo2(cli, fname, &c_time, &a_time, &m_time, - &w_time, &size, NULL, NULL)) { + if (!cli_qpathinfo2(cli, fname, &c_time, &a_time, &w_time, + &m_time, &size, NULL, NULL)) { printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli)); correct = False; } else { @@ -2455,8 +2455,8 @@ static BOOL run_trans2test(int dummy) correct = False; } sleep(3); - if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &m_time, - &w_time, &size, NULL, NULL)) { + if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &w_time, + &m_time, &size, NULL, NULL)) { printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli)); correct = False; } @@ -2465,8 +2465,8 @@ static BOOL run_trans2test(int dummy) O_RDWR | O_CREAT | O_TRUNC, DENY_NONE); cli_write(cli, fnum, 0, (char *)&fnum, 0, sizeof(fnum)); cli_close(cli, fnum); - if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &m_time2, - &w_time, &size, NULL, NULL)) { + if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &w_time, + &m_time2, &size, NULL, NULL)) { printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli)); correct = False; } else { diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c index ef24f9f1611..5695460378f 100644 --- a/source/utils/ntlm_auth.c +++ b/source/utils/ntlm_auth.c @@ -1097,7 +1097,6 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego) if (client_ntlmssp_state == NULL) { DEBUG(1, ("Got NTLMSSP tArg without a client state\n")); x_fprintf(x_stdout, "BH\n"); - ntlmssp_end(&client_ntlmssp_state); return; } diff --git a/source/web/cgi.c b/source/web/cgi.c index d289613b4ba..046dd3bee62 100644 --- a/source/web/cgi.c +++ b/source/web/cgi.c @@ -80,8 +80,9 @@ static char *grab_line(FILE *f, int *cl) } - - ret[i] = 0; + if (ret) { + ret[i] = 0; + } return ret; } |