From fd6041a22065613de6746d0058ac1ae42b84b3b7 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 17 Dec 2012 17:46:34 +0100
Subject: [PATCH] s3-rpc_server: Fix null pointer derefs in
 rpc_pipe_open_interface().
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Found by Coverity and asn ;)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---
 source3/rpc_server/rpc_ncacn_np.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index 25ad8570a28..b4602a91d5a 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -770,10 +770,12 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	TALLOC_CTX *tmp_ctx;
 
-	if (cli_pipe && rpccli_is_connected(*cli_pipe)) {
-		return NT_STATUS_OK;
-	} else {
-		TALLOC_FREE(*cli_pipe);
+	if (cli_pipe != NULL) {
+		if (rpccli_is_connected(*cli_pipe)) {
+			return NT_STATUS_OK;
+		} else {
+			TALLOC_FREE(*cli_pipe);
+		}
 	}
 
 	tmp_ctx = talloc_stackframe();
@@ -827,7 +829,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
 
 	status = NT_STATUS_OK;
 done:
-	if (NT_STATUS_IS_OK(status)) {
+	if (NT_STATUS_IS_OK(status) && cli_pipe != NULL) {
 		*cli_pipe = talloc_move(mem_ctx, &cli);
 	}
 	TALLOC_FREE(tmp_ctx);
-- 
2.11.4.GIT