author | Jeremy Allison <jra@samba.org> | 2007-12-04 13:30:22 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2007-12-04 13:30:22 -0800 |
commit | 774a30989af4879cc6c3f5a270a20a645983edfa (patch) | |
tree | 240f24b02d41c34ba6261e01ad942ee31f5935ec /source3 | |
parent | 0e9a1c24a067832b2d3962e851001767973643d8 (diff) | |
Fix signing bug found by Volker. That one was *subtle*.
Jeremy
(This used to be commit 816aea6c1a426eb2450061b847729e22bdac33a0)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/clitrans.c | 14 | ||||
-rw-r--r-- | source3/libsmb/smb_signing.c | 79 |
2 files changed, 5 insertions, 88 deletions
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index 739c8ba1d1..a6f7f7fec1 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -94,14 +94,9 @@ bool cli_send_trans(struct cli_state *cli, int trans, return False; } - /* Note we're in a trans state. Save the sequence - * numbers for replies. */ - client_set_trans_sign_state_on(cli, mid); - if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ if (!cli_receive_smb(cli) || cli_is_error(cli)) { - client_set_trans_sign_state_off(cli, mid); return(False); } @@ -143,7 +138,6 @@ bool cli_send_trans(struct cli_state *cli, int trans, show_msg(cli->outbuf); if (!cli_send_smb(cli)) { - client_set_trans_sign_state_off(cli, mid); return False; } @@ -350,7 +344,6 @@ bool cli_receive_trans(struct cli_state *cli,int trans, } } - client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid)); return ret; } @@ -418,14 +411,9 @@ bool cli_send_nt_trans(struct cli_state *cli, return False; } - /* Note we're in a trans state. Save the sequence - * numbers for replies. */ - client_set_trans_sign_state_on(cli, mid); - if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ if (!cli_receive_smb(cli) || cli_is_error(cli)) { - client_set_trans_sign_state_off(cli, mid); return(False); } @@ -467,7 +455,6 @@ bool cli_send_nt_trans(struct cli_state *cli, show_msg(cli->outbuf); if (!cli_send_smb(cli)) { - client_set_trans_sign_state_off(cli, mid); return False; } @@ -695,6 +682,5 @@ bool cli_receive_nt_trans(struct cli_state *cli, } } - client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid)); return ret; } diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index 1e150525ba..d5cbe3b125 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c 
@@ -25,7 +25,6 @@ struct outstanding_packet_lookup { struct outstanding_packet_lookup *prev, *next; uint16 mid; uint32 reply_seq_num; - bool can_delete; /* Set to False in trans state. */ }; struct smb_basic_signing_context { @@ -42,7 +41,9 @@ static bool store_sequence_for_reply(struct outstanding_packet_lookup **list, /* Ensure we only add a mid once. */ for (t = *list; t; t = t->next) { if (t->mid == mid) { - return False; + DLIST_REMOVE(*list, t); + SAFE_FREE(t); + break; } } @@ -51,7 +52,6 @@ static bool store_sequence_for_reply(struct outstanding_packet_lookup **list, t->mid = mid; t->reply_seq_num = reply_seq_num; - t->can_delete = True; /* * Add to the *start* of the list not the end of the list. @@ -78,23 +78,8 @@ static bool get_sequence_for_reply(struct outstanding_packet_lookup **list, *reply_seq_num = t->reply_seq_num; DEBUG(10,("get_sequence_for_reply: found seq = %u mid = %u\n", (unsigned int)t->reply_seq_num, (unsigned int)t->mid )); - if (t->can_delete) { - DLIST_REMOVE(*list, t); - SAFE_FREE(t); - } - return True; - } - } - return False; -} - -static bool set_sequence_can_delete_flag(struct outstanding_packet_lookup **list, uint16 mid, bool can_delete_entry) -{ - struct outstanding_packet_lookup *t; - - for (t = *list; t; t = t->next) { - if (t->mid == mid) { - t->can_delete = can_delete_entry; + DLIST_REMOVE(*list, t); + SAFE_FREE(t); return True; } } 
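Review bot: The comment `/* Ensure we only add a mid once. */` above the loop in store_sequence_for_reply no longer describes the new branch, which unlinks and frees the existing entry so that the new reply_seq_num replaces it instead of returning False. That stored number is what get_sequence_for_reply later hands back for the matching reply, so discarding an outstanding entry should be visible in the logs rather than silent. I would reword the comment to `/* A mid has at most one entry: drop any stale one so the newest reply_seq_num wins. */` and add `DEBUG(10,("store_sequence_for_reply: replacing seq = %u for mid = %u\n", (unsigned int)t->reply_seq_num, (unsigned int)t->mid));` before `DLIST_REMOVE(*list, t);`. The function starts above this hunk and ends below it.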
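Review bot: With the `can_delete` guard gone, get_sequence_for_reply unlinks and frees the entry on the first matching reply, so a later reply carrying the same mid finds nothing and the lookup returns False. The removed trans-state code ("Save the sequence numbers for replies") kept the entry alive across a trans/trans2/nttrans exchange, and nothing added in this diff stores the sequence number again between replies. The callers are outside the diff, so please confirm that a transaction answered in several packets still passes the signing check when signing is on. The function should also state its new contract in a comment, for example `/* Each stored mid is consumed by exactly one reply; a caller expecting more replies must store it again. */`. The function begins above this hunk.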
@@ -609,60 +594,6 @@ bool cli_check_sign_mac(struct cli_state *cli) } /*********************************************************** - Enter trans/trans2/nttrans state. -************************************************************/ - -bool client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid) -{ - struct smb_sign_info *si = &cli->sign_info; - struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context; - - if (!si->doing_signing) { - return True; - } - - if (!data) { - return False; - } - - if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, False)) { - return False; - } - - return True; -} - -/*********************************************************** - Leave trans/trans2/nttrans state. -************************************************************/ - -bool client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid) -{ - uint32 reply_seq_num; - struct smb_sign_info *si = &cli->sign_info; - struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context; - - if (!si->doing_signing) { - return True; - } - - if (!data) { - return False; - } - - if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, True)) { - return False; - } - - /* Now delete the stored mid entry. */ - if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_num)) { - return False; - } - - return True; -} - -/*********************************************************** Is client signing on ? ************************************************************/ |