diff options
| author | Matthieu Patou <mat@matws.net> | 2013-09-19 11:18:32 -0700 |
|---|---|---|
| committer | Volker Lendecke <vl@samba.org> | 2013-09-20 04:46:47 +0200 |
| commit | ea3db09f696b199171e78720d95197f458b15e93 (patch) | |
| tree | dfa3b36b7b63f64da00039636738804ad1d2ee26 | |
| parent | b2b948a1d01982613dc53ac926842f1d144b6841 (diff) | |
| download | samba-ea3db09f696b199171e78720d95197f458b15e93.tar.gz samba-ea3db09f696b199171e78720d95197f458b15e93.tar.bz2 samba-ea3db09f696b199171e78720d95197f458b15e93.zip | |
libcli: continue to read from the socket even if the size is 0
This is an issue found by Codenomicon, with a malicious packet with 0
bytes UDP payload we will continiously be looping trying to react from
the socket event and continiously do nothing as we will bail out
thinking that we had a memory allocation error.
Original fix comes from Volker Lendecke <vl@samba.org>
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104
| -rw-r--r-- | source4/libcli/dgram/dgramsocket.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c index 3f06dc72bd..cd6d3e4c74 100644 --- a/source4/libcli/dgram/dgramsocket.c +++ b/source4/libcli/dgram/dgramsocket.c @@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock) } blob = data_blob_talloc(tmp_ctx, NULL, dsize); - if (blob.data == NULL) { + if ((dsize != 0) && (blob.data == NULL)) { talloc_free(tmp_ctx); return; } |