diff options
| author | Andrew Tridgell <tridge@samba.org> | 1997-10-17 02:56:23 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 1997-10-17 02:56:23 +0000 |
| commit | 008b773834b26d9e38c2edb4f2d6ab532dde7a94 (patch) | |
| tree | 9ea1b431d92e0091a4cabaed097e4462ef27290c /source3/nameresp.c | |
| parent | d2dc77736d8309ecc02f14c82e51726f76c06d08 (diff) | |
| download | samba-008b773834b26d9e38c2edb4f2d6ab532dde7a94.tar.gz samba-008b773834b26d9e38c2edb4f2d6ab532dde7a94.tar.bz2 samba-008b773834b26d9e38c2edb4f2d6ab532dde7a94.zip | |
fix the handling of negative name query responses and the handling of
packets with no answer section in general.
The fix has 2 parts:
1) set ans_name to the name we queried if nmb->answers == NULL
2) check for nmb->answers == NULL in several other places where we
currently check for nmb->answers->data
While doing this, I noticed there are lots of places in our nmbd code
where we make assumptions about the packets being well formed. Someone
could easily implement a denial of service attack on nmbd by sending a
packet that causes a null pointer dereference. Does anyone feel like
going through the code and adding checks? Probably the best solution
is to have a single function that "validates" a packet, making sure
that all the required fields are there. This will be a bit tricky as
what fields are required varies a lot between packets. A first pass
would be a function that prints "SUSPECT PACKET" when it hits a packet
that it suspects does not have a required field (or the field is badly
formatted), then we could use this on a live system to find any cases
we've missed.
Any takers?
(This used to be commit e02c21b0b8e3ed6f2d294458160c4f632af67ed3)
Diffstat (limited to 'source3/nameresp.c')
0 files changed, 0 insertions, 0 deletions