s3: Limit the number of unexpected packets per client to 10

Non-reading clients could maliciously make nmbd allocate memory
author: Volker Lendecke <vl@samba.org> 2011-01-05 14:34:04 +0100
committer: Volker Lendecke <vl@samba.org> 2011-01-07 13:28:07 +0100
commit: 0cff82e054cea6b473dcfa6de840ece7327ef6ca (patch)
tree: 3d375ace17da85d43a4c6e55bafb189014d0a5b7
parent: 5f4ff3bfbd0a48787b8b57c60cc4c6cdcec036a1 (diff)
download: samba-0cff82e054cea6b473dcfa6de840ece7327ef6ca.tar.gz
samba-0cff82e054cea6b473dcfa6de840ece7327ef6ca.tar.bz2
samba-0cff82e054cea6b473dcfa6de840ece7327ef6ca.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
index ce1e31dc59..7ec5800e69 100644
--- a/source3/libsmb/unexpected.c
+++ b/source3/libsmb/unexpected.c
@@ -672,6 +672,14 @@ static void nb_packet_client_send(struct nb_packet_client *client,
 	struct nb_packet_client_state *state;
 	struct tevent_req *req;
 
+	if (tevent_queue_length(client->out_queue) > 10) {
+		/*
+		 * Skip clients that don't listen anyway, some form of DoS
+		 * protection
+		 */
+		return;
+	}
+
 	state = TALLOC_ZERO_P(client, struct nb_packet_client_state);
 	if (state == NULL) {
 		DEBUG(10, ("talloc failed\n"));
author	Volker Lendecke <vl@samba.org>	2011-01-05 14:34:04 +0100
committer	Volker Lendecke <vl@samba.org>	2011-01-07 13:28:07 +0100
commit	0cff82e054cea6b473dcfa6de840ece7327ef6ca (patch)
tree	3d375ace17da85d43a4c6e55bafb189014d0a5b7
parent	5f4ff3bfbd0a48787b8b57c60cc4c6cdcec036a1 (diff)
download	samba-0cff82e054cea6b473dcfa6de840ece7327ef6ca.tar.gz samba-0cff82e054cea6b473dcfa6de840ece7327ef6ca.tar.bz2 samba-0cff82e054cea6b473dcfa6de840ece7327ef6ca.zip