From c6db5b765e462124423dec38c3afa552aac5cea0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Mon, 17 Dec 2012 15:31:21 +0100
Subject: [PATCH 1/2] s3-rpc_server: Fix a possible null pointer dereference.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This variable can be set to NULL in an earlier function call. Found by Coverity.
Signed-off-by: Andreas Schneider
Reviewed-by: Günther Deschner
(cherry picked from commit 72e02c73b64f1ff56b2d53ec63d68486a4f1ff90)
---
 source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index b5949e4..35ebe57 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -4442,7 +4442,8 @@ static WERROR enum_all_printers_info_1_name(TALLOC_CTX *mem_ctx,
 DEBUG(4,("enum_all_printers_info_1_name\n"));
- if ((servername[0] == '\\') && (servername[1] == '\\')) {
+ if (servername != NULL &&
+ (servername[0] == '\\') && (servername[1] == '\\')) {
 s = servername + 2;
 }
--
1.8.1
From 5cf1c903c0facb8095a7ffa2b16a5b233d38ff60 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 18 Jan 2013 18:04:17 +0100
Subject: [PATCH 2/2] BUG 9574: Fix a possible null pointer dereference in spoolss.
If the the client enumerates the printers and didn't specify a servername we have a null pointer dereference, so the process serving the connection crashes.
Reviewed-by: David Disseldorp
Autobuild-User(master): David Disseldorp
Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
(cherry picked from commit c38fb0b106b62e42a5b75b1c78386bb8912c7d7e)
---
 source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 35ebe57..a5579c2 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -4478,7 +4478,8 @@ static WERROR enum_all_printers_info_1_network(TALLOC_CTX *mem_ctx,
 listed. Windows responds to this call with a WERR_CAN_NOT_COMPLETE so we should do the same. */
- if (servername[0] == '\\' && servername[1] == '\\') {
+ if (servername != NULL &&
+ (servername[0] == '\\') && (servername[1] == '\\')) {
 s = servername + 2;
 }
--
1.8.1
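Review bot: The NULL guard added here in enum_all_printers_info_1_network is the same one the first patch added to enum_all_printers_info_1_name a month earlier, so the check is being fixed one helper at a time instead of once where `servername` enters the enumeration path. Any sibling helper that still indexes `servername[0]` before a NULL test would leave the crash described in the commit message reachable by a client that omits the server name; those helpers are not visible in these hunks, so the file should be searched for the pattern. In both hunks `s` keeps its earlier value when the guard is false, so if it was initialised from `servername` (outside the hunks) it is still NULL and the name comparison that follows must accept NULL. A comment such as `/* servername is NULL when the client does not supply one */` above each guard, plus a regression test that enumerates printers without a server name, would keep the condition from being lost again. Both function bodies start and end outside the hunks.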