s3: Fix a NULL pointer dereference

author Volker Lendecke <vl@samba.org>

Tue, 9 Mar 2010 10:14:14 +0000 (11:14 +0100)

committer Karolin Seeger <kseeger@samba.org>

Mon, 29 Mar 2010 07:41:00 +0000 (09:41 +0200)
author Volker Lendecke <vl@samba.org>
Tue, 9 Mar 2010 10:14:14 +0000 (11:14 +0100)
committer Karolin Seeger <kseeger@samba.org>
Mon, 29 Mar 2010 07:41:00 +0000 (09:41 +0200)
diff --git a/source3/smbd/process.c b/source3/smbd/process.c

index 572f37dbbebbdbc211ad20ee78cfb471f4a2f9ab..3367d70a82734ecae229419fef2be5176765acaf 100644 (file)
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1812,6 +1812,15 @@ void chain_reply(struct smb_request *req)
          */
  
         if ((req->wct < 2) || (CVAL(req->outbuf, smb_wct) < 2)) {
+               if (req->chain_outbuf == NULL) {
+                       req->chain_outbuf = TALLOC_REALLOC_ARRAY(
+                               req, req->outbuf, uint8_t,
+                               smb_len(req->outbuf) + 4);
+                       if (req->chain_outbuf == NULL) {
+                               smb_panic("talloc failed");
+                       }
+               }
+               req->outbuf = NULL;
                 goto error;
         }
  
@@ -1839,7 +1848,7 @@ void chain_reply(struct smb_request *req)
                 req->chain_outbuf = TALLOC_REALLOC_ARRAY(
                         req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
                 if (req->chain_outbuf == NULL) {
-                       goto error;
+                       smb_panic("talloc failed");
                 }
                 req->outbuf = NULL;
         } else {
author	Volker Lendecke <vl@samba.org>
	Tue, 9 Mar 2010 10:14:14 +0000 (11:14 +0100)
committer	Karolin Seeger <kseeger@samba.org>
	Mon, 29 Mar 2010 07:41:00 +0000 (09:41 +0200)