s3: Reply correctly to a bad nbt session request

author Volker Lendecke <vl@samba.org>

Sun, 29 May 2011 17:13:11 +0000 (19:13 +0200)

committer Volker Lendecke <vl@samba.org>

Sun, 29 May 2011 19:10:26 +0000 (21:10 +0200)
author Volker Lendecke <vl@samba.org>
Sun, 29 May 2011 17:13:11 +0000 (19:13 +0200)
committer Volker Lendecke <vl@samba.org>
Sun, 29 May 2011 19:10:26 +0000 (21:10 +0200)
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c

index 31f596c2502c265270c54f41ae63519c07c65783..61e3a7e2d0e2a00562dea6e215a86ff3bcc0bb8f 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -491,6 +491,13 @@ static bool netbios_session_retarget(struct smbd_server_connection *sconn,
         return ret;
  }
  
+static void reply_called_name_not_present(char *outbuf)
+{
+       smb_setlen(outbuf, 1);
+       SCVAL(outbuf, 0, 0x83);
+       SCVAL(outbuf, 4, 0x82);
+}
+
  /****************************************************************************
   Reply to a (netbios-level) special message. 
  ****************************************************************************/
@@ -531,11 +538,13 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb
                 name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
                 if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
                         DEBUG(0,("Invalid name length in session request\n"));
+                       reply_called_name_not_present(outbuf);
                         break;
                 }
                 name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
                 if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
                         DEBUG(0,("Invalid name length in session request\n"));
+                       reply_called_name_not_present(outbuf);
                         break;
                 }
  
@@ -546,6 +555,7 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb
  
                 if (name_type1 == -1 || name_type2 == -1) {
                         DEBUG(0,("Invalid name type in session request\n"));
+                       reply_called_name_not_present(outbuf);
                         break;
                 }
  
@@ -575,7 +585,7 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb
                 if (name_type2 == 'R') {
                         /* We are being asked for a pathworks session --- 
                            no thanks! */
-                       SCVAL(outbuf, 0,0x83);
+                       reply_called_name_not_present(outbuf);
                         break;
                 }
  
@@ -614,6 +624,10 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb
                     msg_type, msg_flags));
  
         srv_send_smb(sconn, outbuf, false, 0, false, NULL);
+
+       if (CVAL(outbuf, 0) != 0x82) {
+               exit_server_cleanly("invalid netbios session");
+       }
         return;
  }
author	Volker Lendecke <vl@samba.org>
	Sun, 29 May 2011 17:13:11 +0000 (19:13 +0200)
committer	Volker Lendecke <vl@samba.org>
	Sun, 29 May 2011 19:10:26 +0000 (21:10 +0200)