libcli: continue to read from the socket even if the size is 0
author Matthieu Patou <mat@matws.net>
Thu, 19 Sep 2013 18:18:32 +0000 (11:18 -0700)
committer Volker Lendecke <vl@samba.org>
Fri, 20 Sep 2013 02:46:47 +0000 (04:46 +0200)
This is an issue found by Codenomicon, with a malicious packet with 0
bytes UDP payload we will continuously be looping trying to react from
the socket event and continuously do nothing as we will bail out
thinking that we had a memory allocation error.

Original fix comes from Volker Lendecke <vl@samba.org>

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104

source4/libcli/dgram/dgramsocket.c

index 3f06dc72bd186ef1d03d2ef6e94959a133a10c51..cd6d3e4c745bf5069cf8cac8566cd23cb645ac77 100644 (file)
@@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock)
        }
 
        blob = data_blob_talloc(tmp_ctx, NULL, dsize);
-       if (blob.data == NULL) {
+       if ((dsize != 0) && (blob.data == NULL)) {
                talloc_free(tmp_ctx);
                return;
        }
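
Review bot: the changed condition, if ((dsize != 0) && (blob.data == NULL)), carries no comment saying why a NULL blob.data is acceptable when dsize is 0, so a later cleanup could fold it back into the plain NULL check and bring back the loop the commit message describes. Suggest a one-line comment above the check stating that a 0-byte datagram gives a NULL blob.data that is not an allocation failure, and that the datagram still has to be read off the socket so the event is cleared. Since the dsize == 0 case used to return here, it is also worth confirming in review that the code following this check copes with blob.data == NULL and a length of 0.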