[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Thu Sep 15 12:38:51 MDT 2011
The branch, v3-6-test has been updated
via 1168f77 s3:libsmb: check the wct of the incoming SMBnegprot responses
from d728783 s3: Do not fork the echo handler for smb2
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 1168f7799fb3a1de96233080cd11c6114584b329
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 12:06:53 2011 -0700
s3:libsmb: check the wct of the incoming SMBnegprot responses
metze
Fix bug #8452 (negprot reply needs to check vwv vector length).
The corresponding commit in master is 85332eb1c721d585e1a33101bddafdca4073e10f.
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/cliconnect.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d324899..81c1819 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2643,6 +2643,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
struct timespec ts;
bool negotiated_smb_signing = false;
+ if (wct != 0x11) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
/* NT protocol */
cli->sec_mode = CVAL(vwv + 1, 0);
cli->max_mux = SVAL(vwv + 1, 1);
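Review bot: The new test at the top of the NT protocol branch compares wct against a bare 0x11 with no comment. A one-line comment or a named constant stating that the NT LM 0.12 negprot response carries 17 parameter words would tie the guard to the vwv reads that follow (CVAL(vwv + 1, 0), SVAL(vwv + 1, 1) and onward) and make it clear that strict equality, rather than a minimum length, is intended.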
@@ -2716,6 +2721,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
}
} else if (cli->protocol >= PROTOCOL_LANMAN1) {
+ if (wct != 0x0D) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
cli->use_spnego = False;
cli->sec_mode = SVAL(vwv + 1, 0);
cli->max_xmit = SVAL(vwv + 2, 0);
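Review bot: In the LANMAN1 branch the rejection path returns NT_STATUS_INVALID_NETWORK_RESPONSE without recording what was received. A debug-level message carrying the actual wct next to the expected 0x0D would make it possible to tell a malformed or hostile server reply from an interoperability problem when this fires in the field. Both new checks sit in protocol-specific branches, so it is also worth confirming that any remaining branch of cli_negprot_done that this diff does not touch validates wct before it reads from vwv.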
--
Samba Shared Repository