diff options
author | Jeremy Allison <jra@samba.org> | 2018-01-02 15:56:03 -0800 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2018-03-13 15:58:25 +0100 |
commit | 03e63dd9841085ee16993d74dff4e62957298bbd (patch) | |
tree | 76195bb552876b0451a7d1b41da8cca6f49a0bff | |
parent | 87b10d37533950abf793f64b43542632b3cb40ae (diff) | |
download | samba-03e63dd9841085ee16993d74dff4e62957298bbd.tar.gz |
CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Tue Mar 13 15:58:25 CET 2018 on sn-devel-144
-rw-r--r-- | source3/rpc_server/spoolss/srv_spoolss_nt.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index f0226ba9441..f6e680e9c49 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -142,6 +142,11 @@ static void prune_printername_cache(void); static const char *canon_servername(const char *servername) { const char *pservername = servername; + + if (servername == NULL) { + return ""; + } + while (*pservername == '\\') { pservername++; } @@ -2042,6 +2047,10 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p, return WERR_ACCESS_DENIED; } + if (r->in.architecture == NULL || r->in.driver == NULL) { + return WERR_INVALID_ENVIRONMENT; + } + /* check that we have a valid driver name first */ if ((version = get_version_id(r->in.architecture)) == -1) { @@ -2181,6 +2190,10 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p, return WERR_ACCESS_DENIED; } + if (r->in.architecture == NULL || r->in.driver == NULL) { + return WERR_INVALID_ENVIRONMENT; + } + /* check that we have a valid driver name first */ if (get_version_id(r->in.architecture) == -1) { /* this is what NT returns */ |