svn commit: samba r19386 - in branches/SAMBA_3_0/source/smbd: .
jpeach at samba.org
jpeach at samba.org
Wed Oct 18 03:34:31 GMT 2006
Author: jpeach
Date: 2006-10-18 03:34:31 +0000 (Wed, 18 Oct 2006)
New Revision: 19386
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19386
Log:
Limit the size of the connection bitmap to <64K entries.
Modified:
branches/SAMBA_3_0/source/smbd/conn.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/conn.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/conn.c 2006-10-18 03:26:58 UTC (rev 19385)
+++ branches/SAMBA_3_0/source/smbd/conn.c 2006-10-18 03:34:31 UTC (rev 19386)
@@ -107,7 +107,7 @@
int newsz = bmap->n + BITMAP_BLOCK_SZ;
struct bitmap * nbmap;
- if (newsz <= 0) {
+ if (newsz <= oldsz) {
/* Integer wrap. */
DEBUG(0,("ERROR! Out of connection structures\n"));
return NULL;
@@ -131,6 +131,16 @@
goto find_again;
}
+ /* The bitmap position is used below as the connection number
+ * conn->cnum). This ends up as the TID field in the SMB header,
+ * which is limited to 16 bits (we skip 0xffff which is the
+ * NULL TID).
+ */
+ if (i > 65534) {
+ DEBUG(0, ("Maximum connection limit reached\n"));
+ return NULL;
+ }
+
if ((mem_ctx=talloc_init("connection_struct"))==NULL) {
DEBUG(0,("talloc_init(connection_struct) failed!\n"));
return NULL;
More information about the samba-cvs
mailing list