Attachment 7904 Details for Bug 9174 – git-am fix for 3.6.next

[patch] git-am fix for 3.6.next

0001-Fix-bug-9174-Empty-SPNEGO-packet-can-cause-smbd-to-c.patch (text/plain), 1.45 KB, created by Jeremy Allison on 2012-09-18 18:55:54 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2012-09-18 18:55:54 UTC

Size: 1.45 KB

patch

obsolete

>From 92c986c70059d860e15ab401ecbb3e920021a36f Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Tue, 18 Sep 2012 11:51:31 -0700
>Subject: [PATCH] Fix bug #9174: Empty SPNEGO packet can cause smbd to crash.
>
>All fields within NegTokenInit and NegTokenTarg are optional. We incorrectly
>assume we'll always get a data blob and indirect within it.
>---
> source3/smbd/sesssetup.c      |    2 +-
> source3/smbd/smb2_sesssetup.c |    2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
>index d514b93..4f09db9 100644
>--- a/source3/smbd/sesssetup.c
>+++ b/source3/smbd/sesssetup.c
>@@ -735,7 +735,7 @@ static void reply_spnego_auth(struct smb_request *req,
> 		return;
> 	}
> 
>-	if (auth.data[0] == ASN1_APPLICATION(0)) {
>+	if (auth.length > 0 && auth.data[0] == ASN1_APPLICATION(0)) {
> 		/* Might be a second negTokenTarg packet */
> 		char *kerb_mech = NULL;
> 
>diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
>index 64a8053..c90368f 100644
>--- a/source3/smbd/smb2_sesssetup.c
>+++ b/source3/smbd/smb2_sesssetup.c
>@@ -560,7 +560,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
> 		return NT_STATUS_LOGON_FAILURE;
> 	}
> 
>-	if (auth.data[0] == ASN1_APPLICATION(0)) {
>+	if (auth.length > 0 && auth.data[0] == ASN1_APPLICATION(0)) {
> 		/* Might be a second negTokenTarg packet */
> 		DATA_BLOB secblob_in = data_blob_null;
> 		char *kerb_mech = NULL;
>-- 
>1.7.9.5
>

Flags:

metze: review+

Actions: View

Attachments on bug 9174: 7904