[PATCH] protect against possible smb2 negprot segfault
Michael Adam
obnox at samba.org
Tue Jun 30 14:56:01 MDT 2015
The only question for me (Günther and I discussed that
before) is, why we don't use the smaller but (if I don't
miss anything) functionally equivalent patch attached.
Cheers - Michael
On 2015-06-30 at 16:27 +0200, Guenther Deschner wrote:
> New patch is here.
>
> On 30/06/15 16:16, Guenther Deschner wrote:
> > Good point,
> >
> > I created https://bugzilla.samba.org/show_bug.cgi?id=11373 for tracking
> > this.
> >
> > Thanks,
> > Guenther
> >
> > On 30/06/15 09:46, Stefan (metze) Metzmacher wrote:
> >> Hi Günther,
> >>
> >>> attached is a patch that we created while fixing some spurious crash
> >>> bugs in smb2 negprot failure paths.
> >>>
> >>> Please review & push.
> >>
> >> Do we need a bug report for a backport?
> >>
> >> metze
> >>
> >
> >
>
>
> --
> Günther Deschner GPG-ID: 8EE11688
> Red Hat gdeschner at redhat.com
> Samba Team gd at samba.org
> From 2baf14f8d8a62ecaff7947bb761a6fac896d7027 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
> Date: Wed, 10 Jun 2015 17:07:15 +0200
> Subject: [PATCH] s3-smbd: reset protocol in smbXsrv_connection_init_tables
> failure paths.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11373
>
> Guenther
>
> Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
> Pair-Programmed-With: Michael Adam <obnox at samba.org>
>
> Signed-off-by: Guenther Deschner <gd at samba.org>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> Signed-off-by: Michael Adam <obnox at samba.org>
> Reviewed-by: Andreas Schneider <asn at samba.org>
> ---
> source3/smbd/process.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/source3/smbd/process.c b/source3/smbd/process.c
> index 958c82b..c83f3bc 100644
> --- a/source3/smbd/process.c
> +++ b/source3/smbd/process.c
> @@ -3464,36 +3464,41 @@ NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
> {
> NTSTATUS status;
>
> - set_Protocol(protocol);
> conn->protocol = protocol;
>
> if (protocol >= PROTOCOL_SMB2_02) {
> status = smb2srv_session_table_init(conn);
> if (!NT_STATUS_IS_OK(status)) {
> + conn->protocol = PROTOCOL_NONE;
> return status;
> }
>
> status = smb2srv_open_table_init(conn);
> if (!NT_STATUS_IS_OK(status)) {
> + conn->protocol = PROTOCOL_NONE;
> return status;
> }
> } else {
> status = smb1srv_session_table_init(conn);
> if (!NT_STATUS_IS_OK(status)) {
> + conn->protocol = PROTOCOL_NONE;
> return status;
> }
>
> status = smb1srv_tcon_table_init(conn);
> if (!NT_STATUS_IS_OK(status)) {
> + conn->protocol = PROTOCOL_NONE;
> return status;
> }
>
> status = smb1srv_open_table_init(conn);
> if (!NT_STATUS_IS_OK(status)) {
> + conn->protocol = PROTOCOL_NONE;
> return status;
> }
> }
>
> + set_Protocol(protocol);
> return NT_STATUS_OK;
> }
>
> --
> 2.4.3
>
-------------- next part --------------
From ecb08e739b83cd1fadbc630dbbcd8b8eba1bad58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
Date: Wed, 10 Jun 2015 17:07:15 +0200
Subject: [PATCH] s3-smbd: reset protocol in smbXsrv_connection_init_tables
failure paths.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11373
Guenther
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Pair-Programmed-With: Michael Adam <obnox at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
source3/smbd/process.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 958c82b..70917d9 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -3464,8 +3464,7 @@ NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
{
NTSTATUS status;
- set_Protocol(protocol);
- conn->protocol = protocol;
+ conn->protocol = PROTOCOL_NONE;
if (protocol >= PROTOCOL_SMB2_02) {
status = smb2srv_session_table_init(conn);
@@ -3494,6 +3493,8 @@ NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
}
}
+ conn->protocol = protocol;
+ set_Protocol(protocol);
return NT_STATUS_OK;
}
--
2.4.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150630/553303ab/attachment.pgp>
More information about the samba-technical
mailing list