The branch, v3-6-test has been updated
via 66c3247e Fix bug #9174: Empty SPNEGO packet can cause smbd to crash.
from 6357c59 RHEL packaging: Try to fix makerpms.sh on RHEL.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 66c3247e74f8d545b1d769c7d9ef6542a08f0719
Author: Jeremy Allison <[email protected]>
Date: Tue Sep 18 11:51:31 2012 -0700
Fix bug #9174: Empty SPNEGO packet can cause smbd to crash.
All fields within NegTokenInit and NegTokenTarg are optional. We incorrectly
assume we'll always get a data blob and indirect within it.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/sesssetup.c | 2 +-
source3/smbd/smb2_sesssetup.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index d514b93..4f09db9 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -735,7 +735,7 @@ static void reply_spnego_auth(struct smb_request *req,
return;
}
- if (auth.data[0] == ASN1_APPLICATION(0)) {
+ if (auth.length > 0 && auth.data[0] == ASN1_APPLICATION(0)) {
/* Might be a second negTokenTarg packet */
char *kerb_mech = NULL;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 64a8053..c90368f 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -560,7 +560,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct
smbd_smb2_session *session,
return NT_STATUS_LOGON_FAILURE;
}
- if (auth.data[0] == ASN1_APPLICATION(0)) {
+ if (auth.length > 0 && auth.data[0] == ASN1_APPLICATION(0)) {
/* Might be a second negTokenTarg packet */
DATA_BLOB secblob_in = data_blob_null;
char *kerb_mech = NULL;
--
Samba Shared Repository
