The Samba-Bugzilla – Attachment 13016 Details for
Bug 12610
smbd can crash on bad negprot.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 4.6.next
bug-12610-v46 (text/plain), 5.27 KB, created by
Jeremy Allison
on 2017-03-03 18:07:00 UTC
(
hide
)
Description:
git-am fix for 4.6.next
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2017-03-03 18:07:00 UTC
Size:
5.27 KB
patch
obsolete
>From 6cb051a0ad84e3b8f7b56e355ad65b8923d1a82b Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 28 Feb 2017 15:03:45 +0000 >Subject: [PATCH 1/2] smbd: Do an early exit on negprot failure >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610 > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Ralph Böhme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit cf9acf9a3da932fca115967eb3d9d9ed48fcbbfc) >--- > source3/smbd/negprot.c | 21 +++++++++++++++------ > 1 file changed, 15 insertions(+), 6 deletions(-) > >diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c >index cdde334ccba..838ff45aad1 100644 >--- a/source3/smbd/negprot.c >+++ b/source3/smbd/negprot.c >@@ -723,17 +723,26 @@ void reply_negprot(struct smb_request *req) > break; > } > >- if(choice != -1) { >- fstrcpy(remote_proto,supported_protocols[protocol].short_name); >- reload_services(sconn, conn_snum_used, true); >- supported_protocols[protocol].proto_reply_fn(req, choice); >- DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name)); >- } else { >+ if (choice == -1) { >+ bool ok; >+ > DBG_NOTICE("No protocol supported !\n"); > reply_outbuf(req, 1, 0); > SSVAL(req->outbuf, smb_vwv0, choice); >+ >+ ok = srv_send_smb(xconn, (char *)req->outbuf, >+ false, 0, false, NULL); >+ if (!ok) { >+ DBG_NOTICE("srv_send_smb failed\n"); >+ } >+ exit_server_cleanly("no protocol supported\n"); > } > >+ fstrcpy(remote_proto,supported_protocols[protocol].short_name); >+ reload_services(sconn, conn_snum_used, true); >+ supported_protocols[protocol].proto_reply_fn(req, choice); >+ DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name)); >+ > DEBUG( 5, ( "negprot index=%d\n", choice ) ); > > /* We always have xconn->smb1.signing_state also for >= SMB2_02 */ >-- >2.12.0.rc1.440.g5b76565f74-goog > > >From f24c6b31e59367f1a8e7d7d5d9c707b604c1483a Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 28 Feb 2017 16:17:03 +0100 >Subject: [PATCH 2/2] torture3: Add test for smbd crash >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610 > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Ralph Böhme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Fri Mar 3 06:20:50 CET 2017 on sn-devel-144 > >(cherry picked from commit a52c7f4d52df6853f925e680eadefcdfdc7bea85) >--- > source3/torture/torture.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 76 insertions(+) > >diff --git a/source3/torture/torture.c b/source3/torture/torture.c >index 393d3435543..754e3b6933a 100644 >--- a/source3/torture/torture.c >+++ b/source3/torture/torture.c >@@ -11017,6 +11017,81 @@ static bool run_local_canonicalize_path(int dummy) > return true; > } > >+static bool run_ign_bad_negprot(int dummy) >+{ >+ struct tevent_context *ev; >+ struct tevent_req *req; >+ struct smbXcli_conn *conn; >+ struct sockaddr_storage ss; >+ NTSTATUS status; >+ int fd; >+ bool ok; >+ >+ printf("starting ignore bad negprot\n"); >+ >+ ok = resolve_name(host, &ss, 0x20, true); >+ if (!ok) { >+ d_fprintf(stderr, "Could not resolve name %s\n", host); >+ return false; >+ } >+ >+ status = open_socket_out(&ss, 445, 10000, &fd); >+ if (!NT_STATUS_IS_OK(status)) { >+ d_fprintf(stderr, "open_socket_out failed: %s\n", >+ nt_errstr(status)); >+ return false; >+ } >+ >+ conn = smbXcli_conn_create(talloc_tos(), fd, host, SMB_SIGNING_OFF, 0, >+ NULL, 0); >+ if (conn == NULL) { >+ d_fprintf(stderr, "smbXcli_conn_create failed\n"); >+ return false; >+ } >+ >+ status = smbXcli_negprot(conn, 0, PROTOCOL_CORE, PROTOCOL_CORE); >+ if (NT_STATUS_IS_OK(status)) { >+ d_fprintf(stderr, "smbXcli_negprot succeeded!\n"); >+ return false; >+ } >+ >+ ev = samba_tevent_context_init(talloc_tos()); >+ if (ev == NULL) { >+ d_fprintf(stderr, "samba_tevent_context_init failed\n"); >+ return false; >+ } >+ >+ req = smb1cli_session_setup_nt1_send( >+ ev, ev, conn, 0, getpid(), NULL, 65503, 2, 1, 0, "", "", >+ data_blob_null, data_blob_null, 0x40, >+ "Windows 2000 2195", "Windows 2000 5.0"); >+ if (req == NULL) { >+ d_fprintf(stderr, "smb1cli_session_setup_nt1_send failed\n"); >+ return false; >+ } >+ >+ ok = tevent_req_poll_ntstatus(req, ev, &status); >+ if (!ok) { >+ d_fprintf(stderr, "tevent_req_poll failed\n"); >+ return false; >+ } >+ >+ status = smb1cli_session_setup_nt1_recv(req, NULL, NULL, NULL, NULL, >+ NULL, NULL); >+ if (!NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_RESET)) { >+ d_fprintf(stderr, "smb1cli_session_setup_nt1_recv returned " >+ "%s, expected NT_STATUS_CONNECTION_RESET\n", >+ nt_errstr(status)); >+ return false; >+ } >+ >+ TALLOC_FREE(conn); >+ >+ printf("starting ignore bad negprot\n"); >+ >+ return true; >+} >+ > static double create_procs(bool (*fn)(int), bool *result) > { > int i, status; >@@ -11206,6 +11281,7 @@ static struct { > { "NOTIFY-BENCH2", run_notify_bench2 }, > { "NOTIFY-BENCH3", run_notify_bench3 }, > { "BAD-NBT-SESSION", run_bad_nbt_session }, >+ { "IGN-BAD-NEGPROT", run_ign_bad_negprot }, > { "SMB-ANY-CONNECT", run_smb_any_connect }, > { "NOTIFY-ONLINE", run_notify_online }, > { "SMB2-BASIC", run_smb2_basic }, >-- >2.12.0.rc1.440.g5b76565f74-goog >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
slow
:
review+
Actions:
View
Attachments on
bug 12610
: 13016 |
13017