diff options
| author | Gerald Carter <jerry@samba.org> | 2003-10-30 15:57:52 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2003-10-30 15:57:52 +0000 |
| commit | f5229d5d62510f981bd08ad8139675b50421e042 (patch) | |
| tree | 50b29d1b98120cc2b725f6ff0820b14eb500cc12 /source/smbd | |
| parent | ce1024cc10e798d4ed3bc7f6358bc4ebe9737830 (diff) | |
| download | samba-f5229d5d62510f981bd08ad8139675b50421e042.tar.gz samba-f5229d5d62510f981bd08ad8139675b50421e042.tar.xz samba-f5229d5d62510f981bd08ad8139675b50421e042.zip | |
bug 696; check for an invalid fid before dereferencing the fsp pointer
Diffstat (limited to 'source/smbd')
| -rw-r--r-- | source/smbd/trans2.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 394adeeb6f5..56d1aae3a2a 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -3319,7 +3319,12 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf, { char *pdata = *ppdata; files_struct *fsp = file_fsp(inbuf,smb_vwv15); + + /* check for an invalid fid before proceeding */ + if (!fsp) + return(ERROR_DOS(ERRDOS,ERRbadfid)); + if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) && (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { pdata = Realloc(*ppdata, 32); |