srvsvc 0x27 patch
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Mon Jun 18 16:59:44 GMT 2001
Hi Tim, Jeremy;
Just recently I had a battle with getting samba approved to be used
at a large customer site, because some security software they used
to decide whether a site was secure kept barfing on the samba sites.
Turns out it was probably because smbd was coring because of some
sequence the security test was sending. IMHO, smbd/nmbd should never
abort due to actions that can be taken by a client. Smbd should COMPLAIN
bitterly to the client, via some smb error return, and maybe then drop
the connection and terminate gracefully. This is the type of behavior you
see on a Win client/server, when IT receives an improperly formatted smb;
you get an event log error mentioning that it got an improperly formatted
smb, and drops the vc.
My 2 cents worth..
Don
-----Original Message-----
From: Jeremy Allison [mailto:jeremy at valinux.com]
Sent: Friday, June 15, 2001 8:39 PM
To: Tim Potter
Cc: Jim McDonough; samba-technical at samba.org; mtp at blaby.gov.uk
Subject: Re: srvsvc 0x27 patch
Tim Potter wrote:
>
> I'm a big fan of getting rid of all these stupid NULL checks in
> the rpc_parse code. If a parameter is NULL then it hasn't been
> passed in by the programmer and smbd should segfault. This will
> pull up the error much faster than tracking back up many stack
> frames to to find out why a particular call has failed.
Oh great. That means any client can automatically
crash an smbd by sending an invalid packet.....
Good plan :-) :-) :-).
> Woohoo - a rant! I don't do this very often... (-:
When do you start your new job coding Microsoft apps... :-) :-).
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list