bug: smbd allows ports higher than 65536.
Jay Fenlason
fenlason at redhat.com
Wed Sep 6 21:08:30 GMT 2006
As reported at
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205353
smbd and nmbd do not check that their port numbers are within range,
upsetting people who try to start the daemons on out-of-range ports.
The bug submitter included the following patch, which looks like a
step in the right direction, but not sufficient. The daemons should
at least log an error when they receive invalid port numbers, and they
should check for insanely large (incapable of fitting in an
int/long/long long) numbers or non-number strings.
-- JF
-------------- next part --------------
--- samba-3.0.10.org/source/smbd/server.c 2006-08-28 11:28:19.000000000 +0900
+++ samba-3.0.10.new/source/smbd/server.c 2006-08-28 11:36:43.000000000 +0900
@@ -188,6 +188,7 @@
int s;
int i;
char *ports;
+ int tmp_port;
if (!is_daemon) {
return open_sockets_inetd();
@@ -218,7 +219,15 @@
ports = smb_xstrdup(ports);
}
} else {
- ports = smb_xstrdup(smb_ports);
+ tmp_port = atoi(smb_ports);
+ if (tmp_port <= 0 || tmp_port > 0xffff) {
+ /* Invalid port number
+ * so just specify the default port.
+ */
+ ports = smb_xstrdup(SMB_PORTS);
+ } else {
+ ports = smb_xstrdup(smb_ports);
+ }
}
if (lp_interfaces() && lp_bind_interfaces_only()) {
--- samba-3.0.10.org/source/nmbd/nmbd.c 2006-08-28 11:28:18.000000000 +0900
+++ samba-3.0.10.new/source/nmbd/nmbd.c 2006-08-28 11:46:00.000000000 +0900
@@ -724,6 +724,13 @@
DEBUG( 3, ( "Opening sockets %d\n", global_nmb_port ) );
+ if (global_nmb_port <= 0 || global_nmb_port > 0xffff) {
+ /* Invalid port number
+ * so just specify the default port.
+ */
+ global_nmb_port = NMB_PORT;
+ }
+
if ( !open_sockets( is_daemon, global_nmb_port ) ) {
kill_async_dns_child();
return 1;
More information about the samba-technical
mailing list