The Samba-Bugzilla – Attachment 16070 Details for
Bug 14417
CVE-2020-14303 [SECURITY] Endless loop from empty UDP packet sent to AD DC nbt_server
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch for master V1
bug-14417-master-v1.patch (text/plain), 1.35 KB, created by
Gary Lockyer
on 2020-06-24 01:18:25 UTC
(
hide
)
Description:
Proposed patch for master V1
Filename:
MIME Type:
Creator:
Gary Lockyer
Created:
2020-06-24 01:18:25 UTC
Size:
1.35 KB
patch
obsolete
>From ae18adf031f77ddfd1be03fafadf22fb5caba874 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 24 Jun 2020 12:42:13 +1200 >Subject: [PATCH] s4 ndt: fix infinite loop on empty UDP packet > >An empty UDP packet on port 137 could put the nbt server in a busy loop >and consume 100% cpu. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417 > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >--- > libcli/nbt/nbtsocket.c | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > >diff --git a/libcli/nbt/nbtsocket.c b/libcli/nbt/nbtsocket.c >index f682b233fd1..597495d8848 100644 >--- a/libcli/nbt/nbtsocket.c >+++ b/libcli/nbt/nbtsocket.c >@@ -167,6 +167,23 @@ static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock) > return; > } > >+ if (dsize == 0) { >+ /* >+ * There is no data but we need to receive from the socket >+ * otherwise we end up in a busy loop see bug 14417 >+ * https://bugzilla.samba.org/show_bug.cgi?id=14417 >+ * >+ * In theory we could pass a NULL pointer for the receive >+ * buffer as we're receiving 0 bytes but that's likely to >+ * cause issues in the future. >+ */ >+ uint8_t buf[1]; >+ (void) socket_recvfrom( >+ nbtsock->sock, buf, dsize, &nread, tmp_ctx, &src); >+ talloc_free(tmp_ctx); >+ return; >+ } >+ > blob = data_blob_talloc(tmp_ctx, NULL, dsize); > if (blob.data == NULL) { > talloc_free(tmp_ctx); >-- >2.17.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 14417
:
16070
|
16071
|
16072
|
16073
|
16075
|
16076
|
16077
|
16078
|
16079
|
16080
|
16081
|
16082
|
16083
|
16084
|
16085
|
16086
|
16087
|
16092