From 6f9ce7def71ac7156be1583a6a0d610414330c98 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Mon, 28 Aug 2006 02:13:50 +0000
Subject: r17864: Fix possible null deref if client doesn't give us an answer record. Found by the Stanford checker. Jeremy. (This used to be commit 1ec77c50118de808f710b17f878b1e80d4e351d5)
---
 source3/nmbd/nmbd_namequery.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'source3/nmbd/nmbd_namequery.c')
diff --git a/source3/nmbd/nmbd_namequery.c b/source3/nmbd/nmbd_namequery.c
index 1b07852f111..2c1cd130345 100644
--- a/source3/nmbd/nmbd_namequery.c
+++ b/source3/nmbd/nmbd_namequery.c
@@ -59,7 +59,15 @@ static void query_name_response( struct subnet_record *subrec,
 rrec->repeat_count = 0;
 /* How long we should wait for. */
- rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+ if (nmb->answers) {
+ rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+ } else {
+ /* No answer - this is probably a corrupt
+ packet.... */
+ DEBUG(0,("query_name_response: missing answer record in "
+ "NMB_WACK_OPCODE response.\n"));
+ rrec->repeat_time = p->timestamp + 10;
+ }
 rrec->num_msgs--;
 return;
 } else if(nmb->header.rcode != 0) {
--
cgit v1.2.1
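Review bot: The new else branch logs at `DEBUG(0,(...))` for a condition that a remote peer controls, so every accepted WACK response lacking an answer record writes a level-0 log line; a less severe level such as `DEBUG(2,(...))`, or rate-limiting the message, would keep a malformed-packet stream from filling the log. The fallback `rrec->repeat_time = p->timestamp + 10;` uses an unexplained constant, and the comment should say why a packet judged corrupt still extends the wait and decrements `num_msgs` instead of being ignored. In the guarded branch the peer-supplied `nmb->answers->ttl` is still added to the timestamp with no upper bound, which presumably lets a responder postpone the retry arbitrarily far, so a clamp on the ttl is worth considering. The body of query_name_response starts and ends outside the hunk, so any handling of these cases elsewhere in the function is not visible here.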