git.samba.org - samba.git/commit

author	Jeremy Allison <jra@samba.org>
	Tue, 19 Sep 2017 23:11:33 +0000 (16:11 -0700)
committer	Karolin Seeger <kseeger@samba.org>
	Fri, 17 Nov 2017 11:04:37 +0000 (12:04 +0100)
commit	007f5b54d76bf69f441cc277b7f41f478e258aab
tree	cbaca10dc4cb0268740427d9ce0e28cc29b365ab	tree
parent	bd200ea5d2fb7e3948fae8fbeb114de557a14313	commit \| diff

s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 <lianyihan@360.cn>

CVE-2017-14746

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison <jra@samba.org>

source3/smbd/process.c		diff \| blob \| history
source3/smbd/reply.c		diff \| blob \| history

Samba Shared Repository

RSS Atom