summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-09-23 21:44:24 -0700
committerJeremy Allison <jra@samba.org>2010-09-23 21:44:24 -0700
commitd8814b1a48adaf1f428c7119b97c87b69123e6fa (patch)
tree4b915160b408a5790000442b54567d7ab7de7b3a /source3/libads
parent0a1d153b256e45d7862235ab0fdaa9e92ae883f2 (diff)
downloadsamba-d8814b1a48adaf1f428c7119b97c87b69123e6fa.tar.gz
samba-d8814b1a48adaf1f428c7119b97c87b69123e6fa.tar.bz2
samba-d8814b1a48adaf1f428c7119b97c87b69123e6fa.zip
Fix bug 7694 - Crash bug with invalid SPNEGO token.
Found by the CodeNomicon test suites at the SNIA plugfest. http://www.codenomicon.com/ If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server as we indirect the first returned value OIDs[0], which is returned as NULL. Jeremy.
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/sasl.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 051fc961d9..653d546ccd 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -785,7 +785,8 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
/* the server sent us the first part of the SPNEGO exchange in the negprot
reply */
- if (!spnego_parse_negTokenInit(talloc_tos(), blob, OIDs, &given_principal, NULL)) {
+ if (!spnego_parse_negTokenInit(talloc_tos(), blob, OIDs, &given_principal, NULL) ||
+ OIDs[0] == NULL) {
data_blob_free(&blob);
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
goto failed;