[SCM] Samba Shared Repository - branch master updated

Volker Lendecke vlendec at samba.org
Fri Sep 20 04:47:03 CEST 2013

The branch, master has been updated
       via  ea3db09 libcli: continue to read from the socket even if the size is 0
      from  b2b948a lib/messaging: Check the server_id type correctly


- Log -----------------------------------------------------------------
commit ea3db09f696b199171e78720d95197f458b15e93
Author: Matthieu Patou <mat at matws.net>
Date:   Thu Sep 19 11:18:32 2013 -0700

    libcli: continue to read from the socket even if the size is 0
    This is an issue found by Codenomicon, with a malicious packet with 0
    bytes UDP payload we will continiously be looping trying to react from
    the socket event and continiously do nothing as we will bail out
    thinking that we had a memory allocation error.
    Original fix comes from Volker Lendecke <vl at samba.org>
    Signed-off-by: Matthieu Patou <mat at matws.net>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104


Summary of changes:
 source4/libcli/dgram/dgramsocket.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Changeset truncated at 500 lines:

diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c
index 3f06dc7..cd6d3e4 100644
--- a/source4/libcli/dgram/dgramsocket.c
+++ b/source4/libcli/dgram/dgramsocket.c
@@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock)
 	blob = data_blob_talloc(tmp_ctx, NULL, dsize);
-	if (blob.data == NULL) {
+	if ((dsize != 0) && (blob.data == NULL)) {

Samba Shared Repository

More information about the samba-cvs mailing list