sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00
Code

CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343

Signed-off-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Jeremy Allison 2018-01-02 15:56:03 -08:00 committed by Karolin Seeger
parent ae55cfefd7
commit 53651412c1
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
source3/rpc_server/spoolss/srv_spoolss_nt.c
View File

@ -182,6 +182,11 @@ static void prune_printername_cache(void);
static const char *canon_servername(const char *servername)
{
const char *pservername = servername;
if (servername == NULL) {
return "";
}
while (*pservername == '\\') {
pservername++;
}
@ -2082,6 +2087,10 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
return WERR_ACCESS_DENIED;
}
if (r->in.architecture == NULL || r->in.driver == NULL) {
return WERR_INVALID_ENVIRONMENT;
}
/* check that we have a valid driver name first */
if ((version = get_version_id(r->in.architecture)) == -1) {
@ -2221,6 +2230,10 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
return WERR_ACCESS_DENIED;
}
if (r->in.architecture == NULL || r->in.driver == NULL) {
return WERR_INVALID_ENVIRONMENT;
}
/* check that we have a valid driver name first */
if (get_version_id(r->in.architecture) == -1) {
/* this is what NT returns */