sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 13 16:06:10 CET 2018 on sn-devel-144
This commit is contained in:
Jeremy Allison 2018-01-02 15:56:03 -08:00 committed by Stefan Metzmacher
parent 50e7788603
commit c41895be82
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
source3/rpc_server/spoolss/srv_spoolss_nt.c
View File

@ -142,6 +142,11 @@ static void prune_printername_cache(void);
static const char *canon_servername(const char *servername)
{
const char *pservername = servername;
if (servername == NULL) {
return "";
}
while (*pservername == '\\') {
pservername++;
}
@ -2041,6 +2046,10 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
return WERR_ACCESS_DENIED;
}
if (r->in.architecture == NULL || r->in.driver == NULL) {
return WERR_INVALID_ENVIRONMENT;
}
/* check that we have a valid driver name first */
if ((version = get_version_id(r->in.architecture)) == -1) {
@ -2180,6 +2189,10 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
return WERR_ACCESS_DENIED;
}
if (r->in.architecture == NULL || r->in.driver == NULL) {
return WERR_INVALID_ENVIRONMENT;
}
/* check that we have a valid driver name first */
if (get_version_id(r->in.architecture) == -1) {
/* this is what NT returns */