s3:params:lp_do_section - protect against NULL deref

iServiceIndex may indicate an empty slot in the ServicePtrs
array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex])
may trigger a NULL deref and crash. Skipping the check
here will cause a scan of the array in add_a_service() and the
NULL slot will be used safely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184

(cherry picked from commit 5b19288949e97a5af742ff2719992d56f21e364a)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 6d567a9e7e54bf45a29dcdebfb267869ac133f48..1cdfbb702762ec9b90a7eb973cdd0473e053d394 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -2883,7 +2883,7 @@ bool lp_do_section(const char *pszSectionName, void *userdata)
        /* if we have a current service, tidy it up before moving on */
        bRetval = true;
 
-       if (iServiceIndex >= 0)
+       if ((iServiceIndex >= 0) && (ServicePtrs[iServiceIndex] != NULL))
                bRetval = lpcfg_service_ok(ServicePtrs[iServiceIndex]);
 
        /* if all is still well, move to the next record in the services array */