diff options
| author | Jeremy Allison <jra@samba.org> | 2010-12-21 18:07:52 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2010-12-21 18:07:52 -0800 |
| commit | e8f7c60ec25fd6ab40357ad44baf98918346a22a (patch) | |
| tree | 1f1771a09abeb25a99895f50b45b8cdfefdfce3b | |
| parent | 718c864d41827c256d73dd894c9c1a97abd212ca (diff) | |
| download | samba-e8f7c60ec25fd6ab40357ad44baf98918346a22a.tar.gz samba-e8f7c60ec25fd6ab40357ad44baf98918346a22a.tar.bz2 samba-e8f7c60ec25fd6ab40357ad44baf98918346a22a.zip | |
My algorithm for determining whan an incoming sequence number can be allowed is incorrect.
(I based it on the text in MS-SMB2, silly me :-). Fix it so incoming sequence numbers
can range over the entire allowable bitmap range. This fixes a repeatable
disconnect against Win7.
Jeremy.
| -rw-r--r-- | source3/include/local.h | 1 | ||||
| -rw-r--r-- | source3/smbd/smb2_server.c | 13 |
2 files changed, 8 insertions, 6 deletions
diff --git a/source3/include/local.h b/source3/include/local.h index 3014f613b2..a8889af376 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -269,5 +269,6 @@ #define DEFAULT_SMB2_MAX_WRITE (1024*1024) #define DEFAULT_SMB2_MAX_TRANSACT (1024*1024) #define DEFAULT_SMB2_MAX_CREDITS 128 +#define DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR 2 #endif diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 025f4036fc..38f221c597 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -113,7 +113,8 @@ static NTSTATUS smbd_initialize_smb2(struct smbd_server_connection *sconn) sconn->smb2.seqnum_low = 0; sconn->smb2.credits_granted = 0; sconn->smb2.max_credits = lp_smb2_max_credits(); - sconn->smb2.credits_bitmap = bitmap_talloc(sconn, 2*sconn->smb2.max_credits); + sconn->smb2.credits_bitmap = bitmap_talloc(sconn, + DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR*sconn->smb2.max_credits); if (sconn->smb2.credits_bitmap == NULL) { return NT_STATUS_NO_MEMORY; } @@ -306,12 +307,12 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn, if (message_id < sconn->smb2.seqnum_low || message_id > (sconn->smb2.seqnum_low + - (2*sconn->smb2.credits_granted))) { + (sconn->smb2.max_credits * DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR))) { DEBUG(0,("smb2_validate_message_id: bad message_id " - "%llu (low = %llu, granted = %lu)\n", + "%llu (low = %llu, max = %lu)\n", (unsigned long long)message_id, (unsigned long long)sconn->smb2.seqnum_low, - (unsigned long)sconn->smb2.credits_granted )); + (unsigned long)sconn->smb2.max_credits )); return false; } @@ -321,7 +322,7 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn, /* Mark the message_id as seen in the bitmap. */ bitmap_offset = (unsigned int)(message_id % - (uint64_t)(sconn->smb2.max_credits * 2)); + (uint64_t)(sconn->smb2.max_credits * DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR)); if (bitmap_query(credits_bm, bitmap_offset)) { DEBUG(0,("smb2_validate_message_id: duplicate message_id " "%llu (bm offset %u)\n", @@ -342,7 +343,7 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn, bitmap_clear(credits_bm, bitmap_offset); sconn->smb2.seqnum_low += 1; bitmap_offset = (bitmap_offset + 1) % - (sconn->smb2.max_credits * 2); + (sconn->smb2.max_credits * DEFAULT_SMB2_MAX_CREDIT_BITMAP_FACTOR); } } |