diff options
author | Andrew Tridgell <tridge@samba.org> | 2001-05-25 02:45:07 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2001-05-25 02:45:07 +0000 |
commit | fe6208d09a380e29831240aeb84365f60d048c00 (patch) | |
tree | 0d34d1312702da2fe149402eb645f593dfd2cb35 | |
parent | 15e66ba37ae56787897e49039e217b5426924829 (diff) | |
download | samba-fe6208d09a380e29831240aeb84365f60d048c00.tar.gz samba-fe6208d09a380e29831240aeb84365f60d048c00.tar.bz2 samba-fe6208d09a380e29831240aeb84365f60d048c00.zip |
return an error code on password attack, rather than exiting.
otherwise security scanners may think we are vulnerable!
(This used to be commit ee8cb88682421464016d56209eecea764bddc032)
-rw-r--r-- | source3/smbd/reply.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 914f1801d2..23fedccd88 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -54,7 +54,6 @@ static void overflow_attack(int len) dbgtext( "attempting to exploit an old bug.\n" ); dbgtext( "Attack was from IP = %s.\n", client_addr() ); } - exit_server("possible attack"); } @@ -270,6 +269,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt if (passlen > MAX_PASS_LEN) { overflow_attack(passlen); + return(ERROR(ERRDOS,ERRbuftoosmall)); } memcpy(password,smb_buf(inbuf),passlen); @@ -704,8 +704,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int if (Protocol < PROTOCOL_NT1) { smb_apasslen = SVAL(inbuf,smb_vwv7); - if (smb_apasslen > MAX_PASS_LEN) - overflow_attack(smb_apasslen); + if (smb_apasslen > MAX_PASS_LEN) { + overflow_attack(smb_apasslen); + return(ERROR(ERRDOS,ERRbuftoosmall)); + } memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen); smb_apasswd[smb_apasslen] = 0; @@ -738,7 +740,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int doencrypt = False; if (passlen1 > MAX_PASS_LEN) { - overflow_attack(passlen1); + overflow_attack(passlen1); + return(ERROR(ERRDOS,ERRbuftoosmall)); } passlen1 = MIN(passlen1, MAX_PASS_LEN); |