1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Avoid NULL pointer dereference in SMBsendend handler

The "reply_sendend" function wouldn't check whether the connection had
any pending message state. A client sending an out-of-order SMBsendend
message would trigger a NULL pointer dereference.

Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Michael Hanselmann 2019-03-06 23:44:23 +01:00 committed by Andrew Bartlett
parent 0a804d38c4
commit a27c39c2c9

View File

@ -306,6 +306,12 @@ void reply_sendend(struct smb_request *req)
return;
}
if (xconn->smb1.msg_state == NULL) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBsendend);
return;
}
DEBUG(3,("SMBsendend\n"));
msg_deliver(xconn->smb1.msg_state);