From 64141433693b560b2ce2927b9b1b6ea8bd4c85dc Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 2 Oct 2012 17:30:54 -0700
Subject: [PATCH] Fix bug #9214 - Bad user supplied SMB2 credit value can cause smbd to call smb_panic.
Terminate the connection cleanly instead.
(cherry picked from commit c2f5b2466bb05939c953341517da6d9df814b27c)
---
 source3/smbd/smb2_server.c | 7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index dcaefb1..d92302e 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -780,7 +780,12 @@ static void smb2_set_operation_credit(struct smbd_server_connection *sconn,
 out_status = NT_STATUS(IVAL(outhdr, SMB2_HDR_STATUS));
 SMB_ASSERT(sconn->smb2.max_credits >= sconn->smb2.credits_granted);
- SMB_ASSERT(sconn->smb2.max_credits >= credit_charge);
+
+ if (sconn->smb2.max_credits < credit_charge) {
+ smbd_server_connection_terminate(sconn,
+ "client error: credit charge > max credits\n");
+ return;
+ }
 if (out_flags & SMB2_HDR_FLAG_ASYNC) {
 /*
--
1.7.7.3
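Review bot: The early `return;` after `smbd_server_connection_terminate()` gives the caller no signal, because `smb2_set_operation_credit` is `static void`. If the terminate call can return on any path, the caller would presumably go on handling a response whose credit fields were never set, on a connection that is being torn down. I would state the assumption next to the call, e.g. `/* credit_charge is client-supplied; terminate does not return, the return below only keeps the control flow explicit */`, or have the function report failure if that assumption does not hold. The `SMB_ASSERT(sconn->smb2.max_credits >= sconn->smb2.credits_granted);` kept just above is still a panic path, so it is worth confirming that `credits_granted` cannot be pushed past `max_credits` by client input in the same way. The function's body starts and ends outside this hunk, so neither point can be confirmed from the visible lines alone.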