Attachment 16070 Details for Bug 14417 – Proposed patch for master V1

[patch] Proposed patch for master V1

bug-14417-master-v1.patch (text/plain), 1.35 KB, created by Gary Lockyer on 2020-06-24 01:18:25 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Gary Lockyer

Created: 2020-06-24 01:18:25 UTC

Size: 1.35 KB

patch

obsolete

>From ae18adf031f77ddfd1be03fafadf22fb5caba874 Mon Sep 17 00:00:00 2001
>From: Gary Lockyer <gary@catalyst.net.nz>
>Date: Wed, 24 Jun 2020 12:42:13 +1200
>Subject: [PATCH] s4 ndt: fix infinite loop on empty UDP packet
>
>An empty UDP packet on port 137 could put the nbt server in a busy loop
>and consume 100% cpu.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417
>
>Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
>---
> libcli/nbt/nbtsocket.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
>diff --git a/libcli/nbt/nbtsocket.c b/libcli/nbt/nbtsocket.c
>index f682b233fd1..597495d8848 100644
>--- a/libcli/nbt/nbtsocket.c
>+++ b/libcli/nbt/nbtsocket.c
>@@ -167,6 +167,23 @@ static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock)
> 		return;
> 	}
> 
>+	if (dsize == 0) {
>+		/*
>+		 * There is no data but we need to receive from the socket
>+		 * otherwise we end up in a busy loop see bug 14417
>+		 * https://bugzilla.samba.org/show_bug.cgi?id=14417
>+		 *
>+		 * In theory we could pass a NULL pointer for the receive
>+		 * buffer as we're receiving 0 bytes but that's likely to
>+		 * cause issues in the future.
>+		 */
>+		uint8_t buf[1];
>+		(void) socket_recvfrom(
>+			nbtsock->sock, buf, dsize, &nread, tmp_ctx, &src);
>+		talloc_free(tmp_ctx);
>+		return;
>+	}
>+
> 	blob = data_blob_talloc(tmp_ctx, NULL, dsize);
> 	if (blob.data == NULL) {
> 		talloc_free(tmp_ctx);
>-- 
>2.17.1
>

Actions: View

Attachments on bug 14417: 16070 | 16071 | 16072 | 16073 | 16075 | 16076 | 16077 | 16078 | 16079 | 16080 | 16081 | 16082 | 16083 | 16084 | 16085 | 16086 | 16087 | 16092