The branch, v4-0-test has been updated
via 43e5b94 libcli: continue to read from the socket even if the size
is 0
from f7a9cb0 Fix is_legal_name() to not emit character conversion error
messages.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit 43e5b94448a8a4a1f772901433f8c30fd95809ed
Author: Matthieu Patou <[email protected]>
Date: Thu Sep 19 11:18:32 2013 -0700
libcli: continue to read from the socket even if the size is 0
This is an issue found by Codenomicon, with a malicious packet with 0
bytes UDP payload we will continiously be looping trying to react from
the socket event and continiously do nothing as we will bail out
thinking that we had a memory allocation error.
Original fix comes from Volker Lendecke <[email protected]>
Signed-off-by: Matthieu Patou <[email protected]>
Fix bug #10158 - netbios related samba process consume 100% CPU.
Autobuild-User(v4-0-test): Karolin Seeger <[email protected]>
Autobuild-Date(v4-0-test): Fri Sep 20 11:05:42 CEST 2013 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source4/libcli/dgram/dgramsocket.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/libcli/dgram/dgramsocket.c
b/source4/libcli/dgram/dgramsocket.c
index 3f06dc7..cd6d3e4 100644
--- a/source4/libcli/dgram/dgramsocket.c
+++ b/source4/libcli/dgram/dgramsocket.c
@@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock)
}
blob = data_blob_talloc(tmp_ctx, NULL, dsize);
- if (blob.data == NULL) {
+ if ((dsize != 0) && (blob.data == NULL)) {
talloc_free(tmp_ctx);
return;
}
--
Samba Shared Repository
