The Samba-Bugzilla – Attachment 7904 Details for Bug 9174: Empty SPNEGO packet can cause smbd to crash.
[patch] git-am fix for 3.6.next
0001-Fix-bug-9174-Empty-SPNEGO-packet-can-cause-smbd-to-c.patch (text/plain), 1.45 KB, created by Jeremy Allison on 2012-09-18 18:55:54 UTC
>From 92c986c70059d860e15ab401ecbb3e920021a36f Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 18 Sep 2012 11:51:31 -0700 >Subject: [PATCH] Fix bug #9174: Empty SPNEGO packet can cause smbd to crash. > >All fields within NegTokenInit and NegTokenTarg are optional. We incorrectly >assume we'll always get a data blob and indirect within it. >--- > source3/smbd/sesssetup.c | 2 +- > source3/smbd/smb2_sesssetup.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c >index d514b93..4f09db9 100644 >--- a/source3/smbd/sesssetup.c >+++ b/source3/smbd/sesssetup.c >@@ -735,7 +735,7 @@ static void reply_spnego_auth(struct smb_request *req, > return; > } > >- if (auth.data[0] == ASN1_APPLICATION(0)) { >+ if (auth.length > 0 && auth.data[0] == ASN1_APPLICATION(0)) { > /* Might be a second negTokenTarg packet */ > char *kerb_mech = NULL; > >diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c >index 64a8053..c90368f 100644 >--- a/source3/smbd/smb2_sesssetup.c >+++ b/source3/smbd/smb2_sesssetup.c >@@ -560,7 +560,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session, > return NT_STATUS_LOGON_FAILURE; > } > >- if (auth.data[0] == ASN1_APPLICATION(0)) { >+ if (auth.length > 0 && auth.data[0] == ASN1_APPLICATION(0)) { > /* Might be a second negTokenTarg packet */ > DATA_BLOB secblob_in = data_blob_null; > char *kerb_mech = NULL; >-- >1.7.9.5 >
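Review bot: In reply_spnego_auth() (source3/smbd/sesssetup.c), the new auth.length > 0 guard means a zero-length blob now skips the ASN1_APPLICATION(0) branch and falls through to code that is outside the hunk. Please confirm that nothing after this if statement indexes auth.data when auth.length is 0, and consider a one-line comment above the check noting that the token is optional, as the commit message explains, so the length test is not dropped in a later cleanup.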
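Review bot: In smbd_smb2_spnego_auth() (source3/smbd/smb2_sesssetup.c), the guard is a verbatim copy of the one added to sesssetup.c, so the SMB1 and SMB2 paths can drift apart again. A small shared helper that tests the length before reading data[0] would keep the two in step. The diffstat shows only the two one-line changes, so a regression test that sends an empty SPNEGO blob through both session setup paths would be a useful follow-up.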
Flags: metze: review+