From 4bd55f93aa5c475621b11d6b0b21a7e495afac81 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Mon, 22 Aug 2022 15:50:02 +1200 Subject: [PATCH 1/2] libcli/smb: Ensure we call tevent_req_nterror() on failure Commit 3594c3ae202688fd8aae5f7f5e20464cb23feea9 added a NULL check for 'inhdr', but it meant we didn't always call tevent_req_nterror() when we should. Now we handle connection errors. We now also set an error status if the NULL check fails. I noticed this when an ECONNRESET error from a server refusing SMB1 wasn't handled, and the client subsequently hung in epoll_wait(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher (cherry picked from commit 40d4912d841e6bcd7cd37810ef101d5f89268ee7)
---
 libcli/smb/smbXcli_base.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 7579fa1c3783..125a33ccbf87 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4469,7 +4469,11 @@ static void smbXcli_negprot_smb1_done(struct tevent_req *subreq)
 NULL, /* pinbuf */
 expected, ARRAY_SIZE(expected));
 TALLOC_FREE(subreq);
- if (inhdr == NULL || tevent_req_nterror(req, status)) {
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if (inhdr == NULL) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
 return;
 }
-- 2.34.1
From f185cb4e338822be2c29d8377e4882ff09ae4c1e Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Mon, 22 Aug 2022 16:56:46 +1200 Subject: [PATCH 2/2] libcli/smb: Set error status if 'iov' pointer is NULL BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152 Signed-off-by: Joseph Sutton Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Mon Aug 22 09:03:29 UTC 2022 on sn-devel-184 (cherry picked from commit 75e03ea021afa66842b6e0dea21072b1b8026d58)
---
 libcli/smb/smbXcli_base.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
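Review bot: The new `inhdr == NULL` branch in smbXcli_negprot_smb1_done() completes the request with NT_STATUS_INTERNAL_ERROR but does not say when smb1cli_req_recv() can return success without a header, so a reader cannot tell a purely defensive check from a state a remote peer can reach. I would add a comment above it such as `/* status was OK but no header came back; fail the request so the caller is not left waiting */`. If a server reply can produce this state, NT_STATUS_INVALID_NETWORK_RESPONSE may describe it more accurately than an internal error; that depends on smb1cli_req_recv(), which is outside the hunk. The same applies to the `iov == NULL` branch added in smbXcli_negprot_smb2_done() by patch 2/2. Both function bodies start and end outside their hunks.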
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 125a33ccbf87..5d5b5ac45fd7 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5013,7 +5013,11 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
 status = smb2cli_req_recv(subreq, state, &iov, expected, ARRAY_SIZE(expected));
- if (tevent_req_nterror(req, status) || iov == NULL) {
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if (iov == NULL) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
 return;
 }
-- 2.34.1