authorJames Peach <jpeach@samba.org>2006-10-18 03:34:31 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:15:32 -0500
commit09ead9c8fac5e3058e9b6b422171db04dd8dd680 (patch)
tree1ec1288cfadeb4e68eaafb503d8761c374312e29
parent322863b392dda9ba0048c5b9efd5a5a594e2e2cc (diff)
r19386: Limit the size of the connection bitmap to <64K entries.
(This used to be commit 9f0518e0b0d4add7cceac6d4d797edddb0080aaa)
-rw-r--r--source3/smbd/conn.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 52182f3129..73d2ed7003 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -107,7 +107,7 @@ find_again:
int newsz = bmap->n + BITMAP_BLOCK_SZ;
struct bitmap * nbmap;
- if (newsz <= 0) {
+ if (newsz <= oldsz) {
/* Integer wrap. */
DEBUG(0,("ERROR! Out of connection structures\n"));
return NULL;
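Review bot: The wrap test `if (newsz <= oldsz)` still runs after `bmap->n + BITMAP_BLOCK_SZ` has been computed and stored in an `int`, so it depends on the wrapped result being observable. If the operands are signed, that overflow is undefined behaviour and a compiler may remove the test. Checking before the addition avoids the dependency, for example `if (oldsz > INT_MAX - BITMAP_BLOCK_SZ) {`. `oldsz` is declared outside the hunk, so its type and the type of `bmap->n` should be confirmed.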
@@ -131,6 +131,16 @@ find_again:
goto find_again;
}
+ /* The bitmap position is used below as the connection number
+ * conn->cnum). This ends up as the TID field in the SMB header,
+ * which is limited to 16 bits (we skip 0xffff which is the
+ * NULL TID).
+ */
+ if (i > 65534) {
+ DEBUG(0, ("Maximum connection limit reached\n"));
+ return NULL;
+ }
+
if ((mem_ctx=talloc_init("connection_struct"))==NULL) {
DEBUG(0,("talloc_init(connection_struct) failed!\n"));
return NULL;
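Review bot: The limit check at `if (i > 65534)` is reached only after the expansion branch above has looped through `goto find_again`. Once every valid TID is in use, the bitmap therefore appears to grow by another block whose slots can never be handed out; bounding `newsz` in the expansion branch would reject the request before allocating. The literal would read better if tied to the 0xffff NULL TID that the comment mentions, e.g. `if (i >= 0xffff) {`. The new comment is also missing its opening parenthesis and should read `connection number (conn->cnum).`. The function body starts and ends outside the hunk, so the allocation path should be checked against the full file.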