From ec7351184f136990e96e10da98f0298c81699beb Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 15 Dec 2014 16:47:50 +0100
Subject: s4:rpc_server/lsa: fix segfault in check_ft_info()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is triggered by lsa_lsaRSetForestTrustInformation() with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME. The nb_name variable was uninitialized and dereferenced without checking.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Reviewed-by: Günther Deschner
---
 source4/rpc_server/lsa/dcesrv_lsa.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 0aad375ccd9..020360df72b 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -4159,6 +4159,7 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
 nrec = &new_fti->records[new_fti_idx].record;
 dns_name = NULL;
+ nb_name = NULL;
 tln_conflict = false;
 sid_conflict = false;
 nb_conflict = false;
@@ -4237,6 +4238,7 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
 sid_conflict = true;
 }
 if (!(trec->flags & LSA_NB_DISABLED_ADMIN) &&
+ (nb_name != NULL) &&
 strcasecmp_m(trec->data.info.netbios_name.string, nb_name) == 0) {
 nb_conflict = true;
-- cgit v1.2.1
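Review bot: The added reset `nb_name = NULL;` in the first hunk has no comment saying why it must happen per record, so a later cleanup could remove it and bring back the stale-pointer read. A one-line comment above the resets would record the reason, e.g. `/* reset per record: not every record type sets dns_name/nb_name */`; the commit message says FOREST_TRUST_TOP_LEVEL_NAME records are the ones that leave nb_name unset. The crash is reachable through lsa_lsaRSetForestTrustInformation() and the diffstat shows no test file changed, so a regression test covering a top-level-name record would be worth adding alongside this fix. The declaration of nb_name and the rest of the loop body are outside the hunk.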
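Review bot: The new `(nb_name != NULL) &&` guard in the second hunk checks only one operand of the comparison; `trec->data.info.netbios_name.string` is still handed to strcasecmp_m() unchecked. Whether that field can be NULL for a stored record is not visible here, so either guard it the same way with `(trec->data.info.netbios_name.string != NULL) &&` or add a comment stating why it is always set. dns_name is reset to NULL next to nb_name in the first hunk, and its comparisons lie outside both hunks; it should be confirmed that they are guarded as well. The enclosing switch and loop start and end outside the hunk.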