BUG 9574: Fix a possible null pointer dereference in spoolss.

If the the client enumerates the printers and didn't specify a
servername we have a null pointer dereference, so the process serving
the connection crashes.

Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
(cherry picked from commit c38fb0b106b62e42a5b75b1c78386bb8912c7d7e)

diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 35ebe578eeea3fcf05c4b9df903c8dc05b58bc43..a5579c2f5575ce8ea193c72bd7124b11dc34b099 100644 (file)
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -4478,7 +4478,8 @@ static WERROR enum_all_printers_info_1_network(TALLOC_CTX *mem_ctx,
           listed. Windows responds to this call with a
           WERR_CAN_NOT_COMPLETE so we should do the same. */
 
-       if (servername[0] == '\\' && servername[1] == '\\') {
+       if (servername != NULL &&
+           (servername[0] == '\\') && (servername[1] == '\\')) {
                 s = servername + 2;
        }