[PATCH] protect against possible smb2 negprot segfault

Michael Adam obnox at samba.org
Tue Jun 30 14:56:01 MDT 2015


The only question for me (Günther and I discussed that
before) is, why we don't use the smaller but (if I don't
miss anything) functionally equivalent patch attached.

Cheers - Michael

On 2015-06-30 at 16:27 +0200, Guenther Deschner wrote:
> New patch is here.
> 
> On 30/06/15 16:16, Guenther Deschner wrote:
> > Good point,
> > 
> > I created https://bugzilla.samba.org/show_bug.cgi?id=11373 for tracking
> > this.
> > 
> > Thanks,
> > Guenther
> > 
> > On 30/06/15 09:46, Stefan (metze) Metzmacher wrote:
> >> Hi Günther,
> >>
> >>> attached is a patch that we created while fixing some spurious crash
> >>> bugs in smb2 negprot failure paths.
> >>>
> >>> Please review & push.
> >>
> >> Do we need a bug report for a backport?
> >>
> >> metze
> >>
> > 
> > 
> 
> 
> -- 
> Günther Deschner                    GPG-ID: 8EE11688
> Red Hat                         gdeschner at redhat.com
> Samba Team                              gd at samba.org

> From 2baf14f8d8a62ecaff7947bb761a6fac896d7027 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
> Date: Wed, 10 Jun 2015 17:07:15 +0200
> Subject: [PATCH] s3-smbd: reset protocol in smbXsrv_connection_init_tables
>  failure paths.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11373
> 
> Guenther
> 
> Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
> Pair-Programmed-With: Michael Adam <obnox at samba.org>
> 
> Signed-off-by: Guenther Deschner <gd at samba.org>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> Signed-off-by: Michael Adam <obnox at samba.org>
> Reviewed-by: Andreas Schneider <asn at samba.org>
> ---
>  source3/smbd/process.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/source3/smbd/process.c b/source3/smbd/process.c
> index 958c82b..c83f3bc 100644
> --- a/source3/smbd/process.c
> +++ b/source3/smbd/process.c
> @@ -3464,36 +3464,41 @@ NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
>  {
>  	NTSTATUS status;
>  
> -	set_Protocol(protocol);
>  	conn->protocol = protocol;
>  
>  	if (protocol >= PROTOCOL_SMB2_02) {
>  		status = smb2srv_session_table_init(conn);
>  		if (!NT_STATUS_IS_OK(status)) {
> +			conn->protocol = PROTOCOL_NONE;
>  			return status;
>  		}
>  
>  		status = smb2srv_open_table_init(conn);
>  		if (!NT_STATUS_IS_OK(status)) {
> +			conn->protocol = PROTOCOL_NONE;
>  			return status;
>  		}
>  	} else {
>  		status = smb1srv_session_table_init(conn);
>  		if (!NT_STATUS_IS_OK(status)) {
> +			conn->protocol = PROTOCOL_NONE;
>  			return status;
>  		}
>  
>  		status = smb1srv_tcon_table_init(conn);
>  		if (!NT_STATUS_IS_OK(status)) {
> +			conn->protocol = PROTOCOL_NONE;
>  			return status;
>  		}
>  
>  		status = smb1srv_open_table_init(conn);
>  		if (!NT_STATUS_IS_OK(status)) {
> +			conn->protocol = PROTOCOL_NONE;
>  			return status;
>  		}
>  	}
>  
> +	set_Protocol(protocol);
>  	return NT_STATUS_OK;
>  }
>  
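Review bot: The `conn->protocol = PROTOCOL_NONE;` reset is repeated in all five failure branches (two in the SMB2 arm, three in the SMB1 arm), so any init call added later has to remember to repeat it. Consider a single failure exit. Alternatively, leave `conn->protocol` unassigned until every table init has succeeded and set it next to the relocated `set_Protocol(protocol)`, provided the `*_table_init(conn)` calls do not depend on it. The commit message also does not say why `set_Protocol(protocol)` moved from the top of the function to the success path; one sentence on that would help anyone backporting via the bug in the BUG line.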
> -- 
> 2.4.3
> 

-------------- next part --------------
From ecb08e739b83cd1fadbc630dbbcd8b8eba1bad58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
Date: Wed, 10 Jun 2015 17:07:15 +0200
Subject: [PATCH] s3-smbd: reset protocol in smbXsrv_connection_init_tables
 failure paths.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11373

Guenther

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Pair-Programmed-With: Michael Adam <obnox at samba.org>

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 source3/smbd/process.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 958c82b..70917d9 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -3464,8 +3464,7 @@ NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
 {
 	NTSTATUS status;
 
-	set_Protocol(protocol);
-	conn->protocol = protocol;
+	conn->protocol = PROTOCOL_NONE;
 
 	if (protocol >= PROTOCOL_SMB2_02) {
 		status = smb2srv_session_table_init(conn);
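Review bot: With `conn->protocol = PROTOCOL_NONE;` at the top, `smb2srv_session_table_init(conn)` and the init calls that follow now run while `conn->protocol` is `PROTOCOL_NONE`, where before this change they ran with it already set to `protocol`. That is only equivalent to resetting the field in each failure branch if none of those functions reads `conn->protocol`. Please confirm that, and state it in the commit message or in a short comment at this assignment.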
@@ -3494,6 +3493,8 @@ NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
 		}
 	}
 
+	conn->protocol = protocol;
+	set_Protocol(protocol);
 	return NT_STATUS_OK;
 }
 
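Review bot: The two lines added before `return NT_STATUS_OK;` are what make the negotiated protocol take effect only after every table init has succeeded, but neither the code nor the commit message (whose body is only "Guenther") says so. A one-line comment above `conn->protocol = protocol;` noting that this assignment and the `set_Protocol(protocol)` call must stay after the last failure return would keep a later change from moving them back to the top.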
-- 
2.4.3
