1 From 6cc45e3452194f312e04109cfdae047eb0719c7c Mon Sep 17 00:00:00 2001
2 From: Jeremy Allison <jra@samba.org>
3 Date: Tue, 2 Jan 2018 15:56:03 -0800
4 Subject: [PATCH] CVE-2018-1050: s3: RPC: spoolss server. Protect against null
7 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343
9 Signed-off-by: Jeremy Allison <jra@samba.org>
11 source3/rpc_server/spoolss/srv_spoolss_nt.c | 13 +++++++++++++
12 1 file changed, 13 insertions(+)
14 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
15 +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
16 @@ -176,6 +176,11 @@ static void prune_printername_cache(void
17 static const char *canon_servername(const char *servername)
19 const char *pservername = servername;
21 + if (servername == NULL) {
25 while (*pservername == '\\') {
28 @@ -2080,6 +2085,10 @@ WERROR _spoolss_DeletePrinterDriver(stru
29 return WERR_ACCESS_DENIED;
32 + if (r->in.architecture == NULL || r->in.driver == NULL) {
33 + return WERR_INVALID_ENVIRONMENT;
36 /* check that we have a valid driver name first */
38 if ((version = get_version_id(r->in.architecture)) == -1)
39 @@ -2225,6 +2234,10 @@ WERROR _spoolss_DeletePrinterDriverEx(st
40 return WERR_ACCESS_DENIED;
43 + if (r->in.architecture == NULL || r->in.driver == NULL) {
44 + return WERR_INVALID_ENVIRONMENT;
47 /* check that we have a valid driver name first */
48 if (get_version_id(r->in.architecture) == -1) {
49 /* this is what NT returns */