Bug 9214 - Bad user supplied SMB2 credit value can cause smbd to call smb_panic.
Summary: Bad user supplied SMB2 credit value can cause smbd to call smb_panic.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.0.0rc2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-09-25 23:37 UTC by Jeremy Allison
Modified: 2012-10-08 10:03 UTC (History)
1 user (show)

See Also:


Attachments
git-am fix for 4.0.0 (1.10 KB, patch)
2012-10-05 20:28 UTC, Jeremy Allison
metze: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2012-09-25 23:37:08 UTC
Found by Codenomicon at the SNIA plugfest. We should never panic on user input. We should just fail the request with invalid parameter.

Patches for 4.0.0 and 3.6.x to follow.

Jeremy.
Comment 1 Jeremy Allison 2012-10-05 20:28:38 UTC
Created attachment 7996 [details]
git-am fix for 4.0.0

Turns out it's easier (and cleaner) to just safely terminate with an error message. We shouldn't assert in this case.
Comment 2 Jeremy Allison 2012-10-05 22:26:05 UTC
Ok, not needed in 3.6.next, as we don't do the multicredit algorithm there.
Jeremy.
Comment 3 Stefan Metzmacher 2012-10-07 15:24:19 UTC
Comment on attachment 7996 [details]
git-am fix for 4.0.0

Looks good
Comment 4 Stefan Metzmacher 2012-10-07 15:25:04 UTC
Karolin, please pick this for the next rc.
Comment 5 Karolin Seeger 2012-10-08 10:03:45 UTC
Pushed to autobuild-v4.0.test.
Closing out bug report.

Thanks!