socket_wrapper.c: make FIONREAD handling more robust in swrap_vioctl()

We should only dereference the va args when the kernel already checked
they are valid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/src/socket_wrapper.c b/src/socket_wrapper.c
index 4fb7b23c8eed358a6af1b3cb8400dd3b46e30f5f..e7a7a8a02043ddb29b0fc44a21bd7d0bbbcf304f 100644 (file)
--- a/src/socket_wrapper.c
+++ b/src/socket_wrapper.c
@@ -4635,7 +4635,7 @@ static int swrap_vioctl(int s, unsigned long int r, va_list va)
 {
        struct socket_info *si = find_socket_info(s);
        va_list ap;
-       int value;
+       int *value_ptr = NULL;
        int rc;
 
        if (!si) {
@@ -4650,11 +4650,13 @@ static int swrap_vioctl(int s, unsigned long int r, va_list va)
 
        switch (r) {
        case FIONREAD:
-               value = *((int *)va_arg(ap, int *));
+               if (rc == 0) {
+                       value_ptr = ((int *)va_arg(ap, int *));
+               }
 
                if (rc == -1 && errno != EAGAIN && errno != ENOBUFS) {
                        swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
-               } else if (value == 0) { /* END OF FILE */
+               } else if (value_ptr != NULL && *value_ptr == 0) { /* END OF FILE */
                        swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
                }
                break;