diff options
| author | Volker Lendecke <vl@samba.org> | 2011-05-29 19:13:11 +0200 |
|---|---|---|
| committer | Volker Lendecke <vl@samba.org> | 2011-05-29 21:10:26 +0200 |
| commit | 87e99150d0ba2af6b798befc3059a90d57fb9050 (patch) | |
| tree | 0b26534b156d4bb6247a641ab61bdf7cca262af6 /source3/smbd | |
| parent | ef0260ddbcb88361f805a1e08d42fdc589ebdcdd (diff) | |
| download | samba-87e99150d0ba2af6b798befc3059a90d57fb9050.tar.gz samba-87e99150d0ba2af6b798befc3059a90d57fb9050.tar.bz2 samba-87e99150d0ba2af6b798befc3059a90d57fb9050.zip | |
s3: Reply correctly to a bad nbt session request
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/reply.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 31f596c250..61e3a7e2d0 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -491,6 +491,13 @@ static bool netbios_session_retarget(struct smbd_server_connection *sconn, return ret; } +static void reply_called_name_not_present(char *outbuf) +{ + smb_setlen(outbuf, 1); + SCVAL(outbuf, 0, 0x83); + SCVAL(outbuf, 4, 0x82); +} + /**************************************************************************** Reply to a (netbios-level) special message. ****************************************************************************/ @@ -531,11 +538,13 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4); if (name_len1 <= 0 || name_len1 > inbuf_size - 4) { DEBUG(0,("Invalid name length in session request\n")); + reply_called_name_not_present(outbuf); break; } name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1); if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) { DEBUG(0,("Invalid name length in session request\n")); + reply_called_name_not_present(outbuf); break; } @@ -546,6 +555,7 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb if (name_type1 == -1 || name_type2 == -1) { DEBUG(0,("Invalid name type in session request\n")); + reply_called_name_not_present(outbuf); break; } @@ -575,7 +585,7 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb if (name_type2 == 'R') { /* We are being asked for a pathworks session --- no thanks! */ - SCVAL(outbuf, 0,0x83); + reply_called_name_not_present(outbuf); break; } @@ -614,6 +624,10 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb msg_type, msg_flags)); srv_send_smb(sconn, outbuf, false, 0, false, NULL); + + if (CVAL(outbuf, 0) != 0x82) { + exit_server_cleanly("invalid netbios session"); + } return; } |