s4:rpc_server/lsa: fix segfault in check_ft_info()

This is triggered by lsa_lsaRSetForestTrustInformation()
with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME.

The nb_name variable was uninitialized and dereferenced without checking.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 0aad375ccd9c8d6e7077116609edc8de6404c4f3..020360df72b9381aaa9eca8df40c51541a9746f9 100644 (file)
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -4159,6 +4159,7 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
 
                nrec = &new_fti->records[new_fti_idx].record;
                dns_name = NULL;
+               nb_name = NULL;
                tln_conflict = false;
                sid_conflict = false;
                nb_conflict = false;
@@ -4237,6 +4238,7 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
                                sid_conflict = true;
                        }
                        if (!(trec->flags & LSA_NB_DISABLED_ADMIN) &&
+                           (nb_name != NULL) &&
                            strcasecmp_m(trec->data.info.netbios_name.string,
                                         nb_name) == 0) {
                                nb_conflict = true;