notifyd: Don't trust remote pointers

Not a security hole IMO: Only root can send us messages, that's at least our
assumption.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/smbd/notifyd/notifyd.c b/source3/smbd/notifyd/notifyd.c
index ce2da547d5daa53a0d02a4545b6d46fb8dd6d24e..70f52cd7c839dd91fcb15edcf0a201106a94084b 100644 (file)
--- a/source3/smbd/notifyd/notifyd.c
+++ b/source3/smbd/notifyd/notifyd.c
@@ -1202,6 +1202,13 @@ static int notifyd_add_proxy_syswatches(struct db_record *rec,
                uint32_t subdir_filter = instance->instance.subdir_filter;
                int ret;
 
+               /*
+                * This is a remote database. Pointers that we were
+                * given don't make sense locally. Initialize to NULL
+                * in case sys_notify_watch fails.
+                */
+               instances[i].sys_watch = NULL;
+
                ret = state->sys_notify_watch(
                        db, state->sys_notify_ctx, path,
                        &filter, &subdir_filter,