From f46a4fff48a78166a5e6dcde7239b6318f9fce6c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 10 Apr 2004 19:24:31 +0000
Subject: r148: Ensure we do not dereference a null pointer when we return the
 user session key.

---
 source/libsmb/ntlm_check.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/source/libsmb/ntlm_check.c b/source/libsmb/ntlm_check.c
index a7764f9e986..1d02b03e0c3 100644
--- a/source/libsmb/ntlm_check.c
+++ b/source/libsmb/ntlm_check.c
@@ -330,7 +330,9 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 					uint8 first_8_lm_hash[16];
 					memcpy(first_8_lm_hash, lm_pw, 8);
 					memset(first_8_lm_hash + 8, '\0', 8);
-					*lm_sess_key = data_blob(first_8_lm_hash, 16);
+					if (lm_sess_key) {
+						*lm_sess_key = data_blob(first_8_lm_hash, 16);
+					}
 				}
 				return NT_STATUS_OK;
 			} else {
@@ -371,8 +373,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 			uint8 first_8_lm_hash[16];
 			memcpy(first_8_lm_hash, lm_pw, 8);
 			memset(first_8_lm_hash + 8, '\0', 8);
-			*user_sess_key = data_blob(first_8_lm_hash, 16);
-			*lm_sess_key = data_blob(first_8_lm_hash, 16);
+			if (user_sess_key) {
+				*user_sess_key = data_blob(first_8_lm_hash, 16);
+			}
+
+			if (lm_sess_key) {
+				*lm_sess_key = data_blob(first_8_lm_hash, 16);
+			}
 			return NT_STATUS_OK;
 		}
 	}
@@ -431,8 +438,13 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 				uint8 first_8_lm_hash[16];
 				memcpy(first_8_lm_hash, lm_pw, 8);
 				memset(first_8_lm_hash + 8, '\0', 8);
-				*user_sess_key = data_blob(first_8_lm_hash, 16);
-				*lm_sess_key = data_blob(first_8_lm_hash, 16);
+				if (user_sess_key) {
+					*user_sess_key = data_blob(first_8_lm_hash, 16);
+				}
+
+				if (lm_sess_key) {
+					*lm_sess_key = data_blob(first_8_lm_hash, 16);
+				}
 			}
 			return NT_STATUS_OK;
 		}
-- 
cgit