summaryrefslogtreecommitdiff
path: root/source3/nmbd
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1997-10-17 02:56:23 +0000
committerAndrew Tridgell <tridge@samba.org>1997-10-17 02:56:23 +0000
commit008b773834b26d9e38c2edb4f2d6ab532dde7a94 (patch)
tree9ea1b431d92e0091a4cabaed097e4462ef27290c /source3/nmbd
parentd2dc77736d8309ecc02f14c82e51726f76c06d08 (diff)
downloadsamba-008b773834b26d9e38c2edb4f2d6ab532dde7a94.tar.gz
samba-008b773834b26d9e38c2edb4f2d6ab532dde7a94.tar.bz2
samba-008b773834b26d9e38c2edb4f2d6ab532dde7a94.zip
fix the handling of negative name query responses and the handling of
packets with no answer section in general. The fix has 2 parts: 1) set ans_name to the name we queried if nmb->answers == NULL 2) check for nmb->answers == NULL in several other places where we currently check for nmb->answers->data While doing this, I noticed there are lots of places in our nmbd code where we make assumptions about the packets being well formed. Someone could easily implement a denial of service attack on nmbd by sending a packet that causes a null pointer dereference. Does anyone feel like going through the code and adding checks? Probably the best solution is to have a single function that "validates" a packet, making sure that all the required fields are there. This will be a bit tricky as what fields are required varies a lot between packets. A first pass would be a function that prints "SUSPECT PACKET" when it hits a packet that it suspects does not have a required field (or the field is badly formatted), then we could use this on a live system to find any cases we've missed. Any takers? (This used to be commit e02c21b0b8e3ed6f2d294458160c4f632af67ed3)
Diffstat (limited to 'source3/nmbd')
0 files changed, 0 insertions, 0 deletions