The Samba-Bugzilla – Attachment 6880 Details for
Bug 8452
negprot reply needs to check vwv vector length.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.1
0001-s3-libsmb-check-the-wct-of-the-incoming-SMBnegprot-r.patch (text/plain), 1.18 KB, created by
Jeremy Allison
on 2011-09-12 19:07:40 UTC
(
hide
)
Description:
git-am fix for 3.6.1
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-09-12 19:07:40 UTC
Size:
1.18 KB
patch
obsolete
>From 6cf37ddc655d308ac92e83e7ab20441c1ec5c87e Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 12 Sep 2011 12:06:53 -0700 >Subject: [PATCH] s3:libsmb: check the wct of the incoming SMBnegprot responses > >metze >--- > source3/libsmb/cliconnect.c | 10 ++++++++++ > 1 files changed, 10 insertions(+), 0 deletions(-) > >diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c >index d324899..81c1819 100644 >--- a/source3/libsmb/cliconnect.c >+++ b/source3/libsmb/cliconnect.c >@@ -2643,6 +2643,11 @@ static void cli_negprot_done(struct tevent_req *subreq) > struct timespec ts; > bool negotiated_smb_signing = false; > >+ if (wct != 0x11) { >+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ > /* NT protocol */ > cli->sec_mode = CVAL(vwv + 1, 0); > cli->max_mux = SVAL(vwv + 1, 1); >@@ -2716,6 +2721,11 @@ static void cli_negprot_done(struct tevent_req *subreq) > } > > } else if (cli->protocol >= PROTOCOL_LANMAN1) { >+ if (wct != 0x0D) { >+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ > cli->use_spnego = False; > cli->sec_mode = SVAL(vwv + 1, 0); > cli->max_xmit = SVAL(vwv + 2, 0); >-- >1.7.3.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 8452
: 6880 |
6881