summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-12-04 13:30:22 -0800
committerJeremy Allison <jra@samba.org>2007-12-04 13:30:22 -0800
commit774a30989af4879cc6c3f5a270a20a645983edfa (patch)
tree240f24b02d41c34ba6261e01ad942ee31f5935ec /source3
parent0e9a1c24a067832b2d3962e851001767973643d8 (diff)
downloadsamba-774a30989af4879cc6c3f5a270a20a645983edfa.tar.gz
samba-774a30989af4879cc6c3f5a270a20a645983edfa.tar.bz2
samba-774a30989af4879cc6c3f5a270a20a645983edfa.zip
Fix signing bug found by Volker. That one was *subtle*.
Jeremy (This used to be commit 816aea6c1a426eb2450061b847729e22bdac33a0)
Diffstat (limited to 'source3')
-rw-r--r--source3/libsmb/clitrans.c14
-rw-r--r--source3/libsmb/smb_signing.c79
2 files changed, 5 insertions, 88 deletions
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 739c8ba1d1..a6f7f7fec1 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -94,14 +94,9 @@ bool cli_send_trans(struct cli_state *cli, int trans,
return False;
}
- /* Note we're in a trans state. Save the sequence
- * numbers for replies. */
- client_set_trans_sign_state_on(cli, mid);
-
if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */
if (!cli_receive_smb(cli) || cli_is_error(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return(False);
}
@@ -143,7 +138,6 @@ bool cli_send_trans(struct cli_state *cli, int trans,
show_msg(cli->outbuf);
if (!cli_send_smb(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return False;
}
@@ -350,7 +344,6 @@ bool cli_receive_trans(struct cli_state *cli,int trans,
}
}
- client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
return ret;
}
@@ -418,14 +411,9 @@ bool cli_send_nt_trans(struct cli_state *cli,
return False;
}
- /* Note we're in a trans state. Save the sequence
- * numbers for replies. */
- client_set_trans_sign_state_on(cli, mid);
-
if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */
if (!cli_receive_smb(cli) || cli_is_error(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return(False);
}
@@ -467,7 +455,6 @@ bool cli_send_nt_trans(struct cli_state *cli,
show_msg(cli->outbuf);
if (!cli_send_smb(cli)) {
- client_set_trans_sign_state_off(cli, mid);
return False;
}
@@ -695,6 +682,5 @@ bool cli_receive_nt_trans(struct cli_state *cli,
}
}
- client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
return ret;
}
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 1e150525ba..d5cbe3b125 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -25,7 +25,6 @@ struct outstanding_packet_lookup {
struct outstanding_packet_lookup *prev, *next;
uint16 mid;
uint32 reply_seq_num;
- bool can_delete; /* Set to False in trans state. */
};
struct smb_basic_signing_context {
@@ -42,7 +41,9 @@ static bool store_sequence_for_reply(struct outstanding_packet_lookup **list,
/* Ensure we only add a mid once. */
for (t = *list; t; t = t->next) {
if (t->mid == mid) {
- return False;
+ DLIST_REMOVE(*list, t);
+ SAFE_FREE(t);
+ break;
}
}
@@ -51,7 +52,6 @@ static bool store_sequence_for_reply(struct outstanding_packet_lookup **list,
t->mid = mid;
t->reply_seq_num = reply_seq_num;
- t->can_delete = True;
/*
* Add to the *start* of the list not the end of the list.
@@ -78,23 +78,8 @@ static bool get_sequence_for_reply(struct outstanding_packet_lookup **list,
*reply_seq_num = t->reply_seq_num;
DEBUG(10,("get_sequence_for_reply: found seq = %u mid = %u\n",
(unsigned int)t->reply_seq_num, (unsigned int)t->mid ));
- if (t->can_delete) {
- DLIST_REMOVE(*list, t);
- SAFE_FREE(t);
- }
- return True;
- }
- }
- return False;
-}
-
-static bool set_sequence_can_delete_flag(struct outstanding_packet_lookup **list, uint16 mid, bool can_delete_entry)
-{
- struct outstanding_packet_lookup *t;
-
- for (t = *list; t; t = t->next) {
- if (t->mid == mid) {
- t->can_delete = can_delete_entry;
+ DLIST_REMOVE(*list, t);
+ SAFE_FREE(t);
return True;
}
}
@@ -609,60 +594,6 @@ bool cli_check_sign_mac(struct cli_state *cli)
}
/***********************************************************
- Enter trans/trans2/nttrans state.
-************************************************************/
-
-bool client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid)
-{
- struct smb_sign_info *si = &cli->sign_info;
- struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
-
- if (!si->doing_signing) {
- return True;
- }
-
- if (!data) {
- return False;
- }
-
- if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, False)) {
- return False;
- }
-
- return True;
-}
-
-/***********************************************************
- Leave trans/trans2/nttrans state.
-************************************************************/
-
-bool client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid)
-{
- uint32 reply_seq_num;
- struct smb_sign_info *si = &cli->sign_info;
- struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
-
- if (!si->doing_signing) {
- return True;
- }
-
- if (!data) {
- return False;
- }
-
- if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, True)) {
- return False;
- }
-
- /* Now delete the stored mid entry. */
- if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_num)) {
- return False;
- }
-
- return True;
-}
-
-/***********************************************************
Is client signing on ?
************************************************************/