Fix bug #9214 - Bad user supplied SMB2 credit value can cause smbd to call smb_panic.
authorJeremy Allison <jra@samba.org>
Wed, 3 Oct 2012 00:30:54 +0000 (17:30 -0700)
committerJeremy Allison <jra@samba.org>
Wed, 3 Oct 2012 19:49:15 +0000 (12:49 -0700)
Terminate the connection cleanly instead.

source3/smbd/smb2_server.c

index dcaefb16890f03d66d2aee144098b799f6c98c6e..d92302ede5cba9fb1fbf09b2fbfd415ab545b7c8 100644 (file)
@@ -780,7 +780,12 @@ static void smb2_set_operation_credit(struct smbd_server_connection *sconn,
        out_status = NT_STATUS(IVAL(outhdr, SMB2_HDR_STATUS));
 
        SMB_ASSERT(sconn->smb2.max_credits >= sconn->smb2.credits_granted);
-       SMB_ASSERT(sconn->smb2.max_credits >= credit_charge);
+
+       if (sconn->smb2.max_credits < credit_charge) {
+               smbd_server_connection_terminate(sconn,
+                       "client error: credit charge > max credits\n");
+               return;
+       }
 
        if (out_flags & SMB2_HDR_FLAG_ASYNC) {
                /*
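Review bot: The new guard `if (sconn->smb2.max_credits < credit_charge)` has no comment explaining why it terminates the connection while the `SMB_ASSERT` directly above it still panics. Going by the commit title, `credit_charge` is client-supplied, so a comment such as `/* credit_charge is taken from the client's request; a bad value is a protocol error, not an internal invariant, so never assert on it */` would keep a later cleanup from folding the check back into an assert. The function is `static void` and its body starts and ends outside this hunk, so the caller cannot tell from the early `return` that the connection was torn down. If `smbd_server_connection_terminate()` can return in this build, the caller presumably continues with an `outhdr` whose credit fields were never set, which is worth confirming at the call sites. The reason string also omits the offending values; a `DEBUG` line logging `credit_charge` and `sconn->smb2.max_credits` before the terminate call would make these disconnects easier to triage in logs.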