smb: init *msg to NULL in smb_send_and_recv()

... it might otherwise return OK from this function leaving that pointer
uninitialized.

Bug: https://crbug.com/oss-fuzz/16907

Closes #4286

diff --git a/lib/smb.c b/lib/smb.c
index 2703520a610b75fa1ac4875fa271aae03dff4981..f66c05ca4265af388fc9c80bfa9ff66964a05ac3 100644 (file)
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -606,6 +606,7 @@ static CURLcode smb_send_and_recv(struct connectdata *conn, void **msg)
 {
   struct smb_conn *smbc = &conn->proto.smbc;
   CURLcode result;
+  *msg = NULL; /* if it returns early */
 
   /* Check if there is data in the transfer buffer */
   if(!smbc->send_size && smbc->upload_size) {