The branch, v3-6-test has been updated
       via  1168f77 s3:libsmb: check the wct of the incoming SMBnegprot 
responses
      from  d728783 s3: Do not fork the echo handler for smb2

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 1168f7799fb3a1de96233080cd11c6114584b329
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Sep 12 12:06:53 2011 -0700

    s3:libsmb: check the wct of the incoming SMBnegprot responses
    
    metze
    
    Fix bug #8452 (negprot reply needs to check vwv vector length).
    
    The corresponding commit in master is 
85332eb1c721d585e1a33101bddafdca4073e10f.

-----------------------------------------------------------------------

Summary of changes:
 source3/libsmb/cliconnect.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index d324899..81c1819 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2643,6 +2643,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
                struct timespec ts;
                bool negotiated_smb_signing = false;
 
+               if (wct != 0x11) {
+                       tevent_req_nterror(req, 
NT_STATUS_INVALID_NETWORK_RESPONSE);
+                       return;
+               }
+
                /* NT protocol */
                cli->sec_mode = CVAL(vwv + 1, 0);
                cli->max_mux = SVAL(vwv + 1, 1);
@@ -2716,6 +2721,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
                }
 
        } else if (cli->protocol >= PROTOCOL_LANMAN1) {
+               if (wct != 0x0D) {
+                       tevent_req_nterror(req, 
NT_STATUS_INVALID_NETWORK_RESPONSE);
+                       return;
+               }
+
                cli->use_spnego = False;
                cli->sec_mode = SVAL(vwv + 1, 0);
                cli->max_xmit = SVAL(vwv + 2, 0);


-- 
Samba Shared Repository

Reply via email to