After merging the s3 and s4 RPC handle implementations in commit
70fa7e817e48c9faa3c6c7ae3749e4a8ebf3e6c2, a new empty handle is allocated
when find_policy_by_hnd() or close_policy_hnd() is called with an empty
policy_handle (see the dcesrv_handle_lookup() implementation).
This new behavior was causing a crash when running the samba3.rpc.mdssvc test
with log level >= 10, because a debug message in _mdssvc_close() was
dereferencing the handle's associated data when called from
test_mdssvc_close() with an empty policy_handle.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 20 14:31:33 UTC 2021 on sn-devel-184
*data_p = NULL;
}
+ /*
+ * Do not pass an empty policy_handle to dcesrv_handle_lookup() or
+ * it will create a new empty handle
+ */
+ if (ndr_policy_handle_empty(hnd)) {
+ p->fault_state = DCERPC_FAULT_CONTEXT_MISMATCH;
+ return NULL;
+ }
+
/*
* Do not pass handle_type to avoid setting the fault_state in the
* pipes_struct if the handle type does not match
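Review bot: the new early return sets p->fault_state = DCERPC_FAULT_CONTEXT_MISMATCH, while the comment immediately after it explains that handle_type is deliberately not passed to dcesrv_handle_lookup() "to avoid setting the fault_state in the pipes_struct if the handle type does not match"; the two behaviours differ for the caller, so the new comment should state why an empty handle is treated as a hard fault here (it can never refer to a live handle, so there is nothing for the caller to fall back to) rather than only that the lookup would allocate one. Also, the commit message says both find_policy_by_hnd() and close_policy_hnd() reach dcesrv_handle_lookup() with an empty handle; only one call site is visible in this hunk, so if close_policy_hnd() has its own path to dcesrv_handle_lookup() it needs the same ndr_policy_handle_empty(hnd) guard, otherwise the test case in the message would still allocate a stray handle on close.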