diff options
| author | Andrew Tridgell <tridge@samba.org> | 2000-04-11 13:55:53 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2000-04-11 13:55:53 +0000 |
| commit | 2fa922611bf7160e2c1ce80c11b50006448bf98d (patch) | |
| tree | ed29a6f6c0364ee631b049b26031139b9e74a4ec /source3/libsmb | |
| parent | 03630a9aa9ce5c00619ad3c4bb498d95054ae03a (diff) | |
| download | samba-2fa922611bf7160e2c1ce80c11b50006448bf98d.tar.gz samba-2fa922611bf7160e2c1ce80c11b50006448bf98d.tar.bz2 samba-2fa922611bf7160e2c1ce80c11b50006448bf98d.zip | |
finally got sick of the "extern int Client" code and the stupid
assumption that we have one socket everywhere
while doing so I discovered a few bugs!
1) the clientgen session retarget code if used from smbd or nmbd would
cause a crash as it called close_sockets() which closed our main
socket! fixed by removing close_sockets() completely - it is unnecessary
2) the caching in client_addr() and client_name() was bogus - it could
easily get fooled and give the wrong result. fixed.
3) the retarget could could recurse, allowing an easy denial of
service attack on nmbd. fixed.
(This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/clientgen.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 29c228ecfa..6472cf0380 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -88,10 +88,9 @@ static BOOL cli_send_smb(struct cli_state *cli) } } if (ret <= 0) { - DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n", + DEBUG(0,("Error writing %d bytes to client. %d\n", (int)len,(int)ret)); - close_sockets(); - exit(1); + return False; } nwritten += ret; } @@ -1516,11 +1515,11 @@ size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t if (size2 > block) { DEBUG(0,("server returned more than we wanted!\n")); - exit(1); + return -1; } if (mid >= issued) { DEBUG(0,("invalid mid from server!\n")); - exit(1); + return -1; } p = smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_vwv6); @@ -2551,7 +2550,6 @@ retry: /* SESSION RETARGET */ putip((char *)&cli->dest_ip,cli->inbuf+4); - close_sockets(); cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, port, LONG_CONNECT_TIMEOUT); if (cli->fd == -1) return False; @@ -2561,7 +2559,18 @@ retry: set_socket_options(cli->fd,user_socket_options); /* Try again */ - return cli_session_request(cli, calling, called); + { + static int depth; + BOOL ret; + if (depth > 4) { + DEBUG(0,("Retarget recursion - failing\n")); + return False; + } + depth++; + ret = cli_session_request(cli, calling, called); + depth--; + return ret; + } } /* C. Hoch 9/14/95 End */ #ifdef WITH_SSL |