mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
Avoid NULL pointer dereference in SMBsendend handler
The "reply_sendend" function wouldn't check whether the connection had any pending message state. A client sending an out-of-order SMBsendend message would trigger a NULL pointer dereference. Reviewed-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Michael Hanselmann <public@hansmi.ch> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
0a804d38c4
commit
a27c39c2c9
@ -306,6 +306,12 @@ void reply_sendend(struct smb_request *req)
|
||||
return;
|
||||
}
|
||||
|
||||
if (xconn->smb1.msg_state == NULL) {
|
||||
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
|
||||
END_PROFILE(SMBsendend);
|
||||
return;
|
||||
}
|
||||
|
||||
DEBUG(3,("SMBsendend\n"));
|
||||
|
||||
msg_deliver(xconn->smb1.msg_state);
|
||||
|
Loading…
Reference in New Issue
Block a user