[SCM] Samba Shared Repository - branch v3-6-test updated

Fri Sep 28 01:23:27 MDT 2012

The branch, v3-6-test has been updated
       via  f3f960b s3-smbd: Don't segfault if user specified ports out for range.
      from  d0b872e Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit f3f960bed8e155f7a3f93fc7f2cc4d483785e975
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Sep 25 14:28:22 2012 +0200

    s3-smbd: Don't segfault if user specified ports out for range.
    
    (cherry picked from commit 50d324b7e070de4672eff3fb6231923e6dca807a)
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    
    Fix bug #9218 - Samba panics if a user specifies an invalid port number.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/server.c |   23 ++++++++++++-----------
 1 files changed, 12 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 2400ce4..c699d3b 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -650,6 +650,8 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
 	int num_interfaces = iface_count();
 	int i;
 	char *ports;
+	char *tok;
+	const char *ptr;
 	unsigned dns_port = 0;
 
 #ifdef HAVE_ATEXIT
@@ -671,6 +673,16 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
 		ports = talloc_strdup(talloc_tos(), smb_ports);
 	}
 
+	for (ptr = ports;
+	     next_token_talloc(talloc_tos(),&ptr, &tok, " \t,");) {
+		unsigned port = atoi(tok);
+
+		if (port == 0 || port > 0xffff) {
+			exit_server_cleanly("Invalid port in the config or on "
+					    "the commandline specified!");
+		}
+	}
+
 	if (lp_interfaces() && lp_bind_interfaces_only()) {
 		/* We have been given an interfaces line, and been
 		   told to only bind to those interfaces. Create a
@@ -682,8 +694,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
 		for(i = 0; i < num_interfaces; i++) {
 			const struct sockaddr_storage *ifss =
 					iface_n_sockaddr_storage(i);
-			char *tok;
-			const char *ptr;
 
 			if (ifss == NULL) {
 				DEBUG(0,("open_sockets_smbd: "
@@ -695,9 +705,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
 			for (ptr=ports;
 			     next_token_talloc(talloc_tos(),&ptr, &tok, " \t,");) {
 				unsigned port = atoi(tok);
-				if (port == 0 || port > 0xffff) {
-					continue;
-				}
 
 				/* Keep the first port for mDNS service
 				 * registration.
@@ -715,8 +722,6 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
 		/* Just bind to 0.0.0.0 - accept connections
 		   from anywhere. */
 
-		char *tok;
-		const char *ptr;
 		const char *sock_addr = lp_socket_address();
 		char *sock_tok;
 		const char *sock_ptr;
@@ -734,11 +739,7 @@ static bool open_sockets_smbd(struct smbd_parent_context *parent,
 		     next_token_talloc(talloc_tos(), &sock_ptr, &sock_tok, " \t,"); ) {
 			for (ptr=ports; next_token_talloc(talloc_tos(), &ptr, &tok, " \t,"); ) {
 				struct sockaddr_storage ss;
-
 				unsigned port = atoi(tok);
-				if (port == 0 || port > 0xffff) {
-					continue;
-				}
 
 				/* Keep the first port for mDNS service
 				 * registration.


-- 
Samba Shared Repository
