From ae18adf031f77ddfd1be03fafadf22fb5caba874 Mon Sep 17 00:00:00 2001
From: Gary Lockyer
Date: Wed, 24 Jun 2020 12:42:13 +1200
Subject: [PATCH] s4 ndt: fix infinite loop on empty UDP packet

An empty UDP packet on port 137 could put the nbt server in a busy loop and consume 100% cpu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417
Signed-off-by: Gary Lockyer
---
 libcli/nbt/nbtsocket.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/libcli/nbt/nbtsocket.c b/libcli/nbt/nbtsocket.c
index f682b233fd1..597495d8848 100644
--- a/libcli/nbt/nbtsocket.c
+++ b/libcli/nbt/nbtsocket.c
@@ -167,6 +167,23 @@ static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock)
 return;
 }
 
+ if (dsize == 0) {
+ /*
+ * There is no data but we need to receive from the socket
+ * otherwise we end up in a busy loop see bug 14417
+ * https://bugzilla.samba.org/show_bug.cgi?id=14417
+ *
+ * In theory we could pass a NULL pointer for the receive
+ * buffer as we're receiving 0 bytes but that's likely to
+ * cause issues in the future.
+ */
+ uint8_t buf[1];
+ (void) socket_recvfrom(
+ nbtsock->sock, buf, dsize, &nread, tmp_ctx, &src);
+ talloc_free(tmp_ctx);
+ return;
+ }
+
 blob = data_blob_talloc(tmp_ctx, NULL, dsize);
 if (blob.data == NULL) {
 talloc_free(tmp_ctx);
-- 
2.17.1
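Review bot: The result of `socket_recvfrom()` in the new `dsize == 0` branch is discarded with `(void)`, so a failed drain is silent. If the call fails, the empty datagram presumably stays queued and the handler is re-entered, which is the busy loop this patch is meant to stop. I would keep the status and log a failure at a high debug level, e.g. `status = socket_recvfrom(nbtsock->sock, buf, dsize, &nread, tmp_ctx, &src);` followed by `if (!NT_STATUS_IS_OK(status)) { DEBUG(5, ("nbt: failed to drain empty packet: %s\n", nt_errstr(status))); }`. This assumes the function's `status` variable is in scope, as the body of `nbt_name_socket_recv` starts and ends outside the hunk. The diffstat touches only `nbtsocket.c`, so unless a test lands in a separate commit, a regression test that sends a zero-length datagram to the nbt port would keep this unauthenticated CPU-exhaustion path covered.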