The Samba-Bugzilla – Bug 8686
Packet validation checks can be done before length validation causing uninitialized memory read.
Last modified: 2012-01-10 19:59:25 UTC
Found by Volker. Could possibly cause smbd to crash, nothing more. Patch submitted to master, once it's gone through I'll attach here for 3.5.next and 3.6.next. Jeremy.
Created attachment 7226: git-am fix for 3.6.x and 3.5.x.
Comment on attachment 7226: git-am fix for 3.6.x and 3.5.x. Further testing showed that we don't even get here with short packets, because init_smb_request() does a similar check and fails. But still this is a confusing piece of code that IMHO is worth fixing.
Please confirm that I can push the patches. Thanks, Karolin
Yes, please push these patches. Thanks! Jeremy.
Pushed to both branches. Closing out bug report. Thanks!
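The ordering problem named in the bug title, as an added example that is not Samba's code and not the attached patch: with a reused receive buffer, checking a header field before the length makes the verdict on a short packet depend on stale bytes, while checking the length first does not. The framing, constants and function names below are constructed for illustration and are not the SMB wire layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy framing, NOT the SMB wire layout: 4-byte magic, then body. */
#define MAGIC      "\xffSMB"
#define MAGIC_LEN  4
#define MIN_PACKET 8   /* assumed minimum valid packet size */

enum verdict { PKT_OK, PKT_TOO_SHORT, PKT_BAD_MAGIC };

/* Field check first, length second: when len < MAGIC_LEN the comparison
 * reads bytes the peer never sent, so the verdict depends on whatever
 * was left in the receive buffer. */
enum verdict check_fields_first(const uint8_t *buf, size_t len)
{
    if (memcmp(buf, MAGIC, MAGIC_LEN) != 0)
        return PKT_BAD_MAGIC;
    if (len < MIN_PACKET)
        return PKT_TOO_SHORT;
    return PKT_OK;
}

/* Length first: no byte at or beyond len is inspected for a short packet. */
enum verdict check_length_first(const uint8_t *buf, size_t len)
{
    if (len < MIN_PACKET)
        return PKT_TOO_SHORT;
    if (memcmp(buf, MAGIC, MAGIC_LEN) != 0)
        return PKT_BAD_MAGIC;
    return PKT_OK;
}

/* Simulate receiving `len` bytes into a reused buffer pre-filled with
 * `stale` (fully initialised here, so the demo itself has no UB). */
enum verdict recv_and_check(enum verdict (*check)(const uint8_t *, size_t),
                            const uint8_t *stale, const uint8_t *pkt, size_t len)
{
    uint8_t rxbuf[16];
    memcpy(rxbuf, stale, sizeof rxbuf);   /* leftover from an earlier packet */
    memcpy(rxbuf, pkt, len);              /* only `len` bytes are really new */
    return check(rxbuf, len);
}

/* Constructed sample data: two possible stale buffers and a 1-byte packet. */
const uint8_t STALE_VALID[16] = { 0xff, 'S', 'M', 'B', 1, 2, 3, 4 };
const uint8_t STALE_ZERO[16]  = { 0 };
const uint8_t SHORT_PKT[1]    = { 0xff };
```

Both orderings reject the short packet here, but only `check_length_first` gives the same reason regardless of buffer history; in a real receive path the stale bytes would be uninitialised memory rather than known values.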