The branch, master has been updated
via ea3db09 libcli: continue to read from the socket even if the size
is 0
from b2b948a lib/messaging: Check the server_id type correctly
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ea3db09f696b199171e78720d95197f458b15e93
Author: Matthieu Patou <[email protected]>
Date: Thu Sep 19 11:18:32 2013 -0700
libcli: continue to read from the socket even if the size is 0
This is an issue found by Codenomicon, with a malicious packet with 0
bytes UDP payload we will continiously be looping trying to react from
the socket event and continiously do nothing as we will bail out
thinking that we had a memory allocation error.
Original fix comes from Volker Lendecke <[email protected]>
Signed-off-by: Matthieu Patou <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Autobuild-User(master): Volker Lendecke <[email protected]>
Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source4/libcli/dgram/dgramsocket.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/libcli/dgram/dgramsocket.c
b/source4/libcli/dgram/dgramsocket.c
index 3f06dc7..cd6d3e4 100644
--- a/source4/libcli/dgram/dgramsocket.c
+++ b/source4/libcli/dgram/dgramsocket.c
@@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock)
}
blob = data_blob_talloc(tmp_ctx, NULL, dsize);
- if (blob.data == NULL) {
+ if ((dsize != 0) && (blob.data == NULL)) {
talloc_free(tmp_ctx);
return;
}
--
Samba Shared Repository
