git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
3983515
)
Fix bug #9214 - Bad user supplied SMB2 credit value can cause smbd to call smb_panic.
author
Jeremy Allison
<jra@samba.org>
Wed, 3 Oct 2012 00:30:54 +0000
(17:30 -0700)
committer
Jeremy Allison
<jra@samba.org>
Wed, 3 Oct 2012 19:49:15 +0000
(12:49 -0700)
Terminate the connection cleanly instead.
source3/smbd/smb2_server.c
patch
|
blob
|
history
diff --git
a/source3/smbd/smb2_server.c
b/source3/smbd/smb2_server.c
index dcaefb16890f03d66d2aee144098b799f6c98c6e..d92302ede5cba9fb1fbf09b2fbfd415ab545b7c8 100644
(file)
--- a/
source3/smbd/smb2_server.c
+++ b/
source3/smbd/smb2_server.c
@@
-780,7
+780,12
@@
static void smb2_set_operation_credit(struct smbd_server_connection *sconn,
out_status = NT_STATUS(IVAL(outhdr, SMB2_HDR_STATUS));
SMB_ASSERT(sconn->smb2.max_credits >= sconn->smb2.credits_granted);
- SMB_ASSERT(sconn->smb2.max_credits >= credit_charge);
+
+ if (sconn->smb2.max_credits < credit_charge) {
+ smbd_server_connection_terminate(sconn,
+ "client error: credit charge > max credits\n");
+ return;
+ }
if (out_flags & SMB2_HDR_FLAG_ASYNC) {
/*