The Samba-Bugzilla – Attachment 6881 Details for Bug 8452: negprot reply needs to check vwv vector length.
[patch] git-am fix for 3.5.x.
0001-s3-libsmb-check-the-wct-of-the-incoming-SMBnegprot-r.patch (text/plain), 1.18 KB, created by Jeremy Allison on 2011-09-12 19:11:40 UTC
>From d60eaef50d9a9983f13610d13aba9c831c7d217b Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 12 Sep 2011 12:10:54 -0700 >Subject: [PATCH] s3:libsmb: check the wct of the incoming SMBnegprot responses > >metze >--- > source3/libsmb/cliconnect.c | 10 ++++++++++ > 1 files changed, 10 insertions(+), 0 deletions(-) > >diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c >index 6316db1..7606810 100644 >--- a/source3/libsmb/cliconnect.c >+++ b/source3/libsmb/cliconnect.c >@@ -1700,6 +1700,11 @@ static void cli_negprot_done(struct tevent_req *subreq) > struct timespec ts; > bool negotiated_smb_signing = false; > >+ if (wct != 0x11) { >+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ > /* NT protocol */ > cli->sec_mode = CVAL(vwv + 1, 0); > cli->max_mux = SVAL(vwv + 1, 1); >@@ -1765,6 +1770,11 @@ static void cli_negprot_done(struct tevent_req *subreq) > } > > } else if (cli->protocol >= PROTOCOL_LANMAN1) { >+ if (wct != 0x0D) { >+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; >+ } >+ > cli->use_spnego = False; > cli->sec_mode = SVAL(vwv + 1, 0); > cli->max_xmit = SVAL(vwv + 2, 0); >-- >1.7.3.1 >
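Review bot: in the first hunk (`@@ -1700,6 +1700,11 @@`, the NT protocol block), `wct != 0x11` is a bare magic number with no comment tying it to the `vwv + 1` reads that follow. A one-line comment or a named constant stating that 0x11 is the word count of the NT LM 0.12 negotiate response would make the guard self-explanatory. The commit message body is only "metze"; it should say that the reply's `vwv` fields were read without a word-count check before this change and reference bug 8452.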
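Review bot: in the second hunk (`@@ -1765,6 +1770,11 @@`, the `cli->protocol >= PROTOCOL_LANMAN1` branch), the three-line reject block is a second copy of the one added in the NT branch, differing only in the constant `0x0D`. Consider a small helper or a per-dialect expected-`wct` value checked once, so a later change to one branch cannot miss the other. The test is also an exact match rather than a minimum; a comment saying that any other word count is deliberately treated as `NT_STATUS_INVALID_NETWORK_RESPONSE` would document that choice. This hunk does not show any branch after this `else if`, so please confirm that no remaining path reads `vwv` without a corresponding check.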
Flags: metze: review+