authorAndrew Tridgell <tridge@samba.org>2001-05-25 02:45:07 +0000
committerAndrew Tridgell <tridge@samba.org>2001-05-25 02:45:07 +0000
commitfe6208d09a380e29831240aeb84365f60d048c00 (patch)
tree0d34d1312702da2fe149402eb645f593dfd2cb35 /source3/smbd/reply.c
parent15e66ba37ae56787897e49039e217b5426924829 (diff)
return an error code on password attack, rather than exiting.
otherwise security scanners may think we are vulnerable! (This used to be commit ee8cb88682421464016d56209eecea764bddc032)
Diffstat (limited to 'source3/smbd/reply.c')
-rw-r--r--source3/smbd/reply.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 914f1801d2..23fedccd88 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -54,7 +54,6 @@ static void overflow_attack(int len)
dbgtext( "attempting to exploit an old bug.\n" );
dbgtext( "Attack was from IP = %s.\n", client_addr() );
}
- exit_server("possible attack");
}
@@ -270,6 +269,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
if (passlen > MAX_PASS_LEN) {
overflow_attack(passlen);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
}
memcpy(password,smb_buf(inbuf),passlen);
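Review bot: The guard in front of `memcpy(password,smb_buf(inbuf),passlen)` bounds only the destination: passlen is compared with MAX_PASS_LEN but not with the number of bytes actually present after smb_buf(inbuf), so a request that declares more password bytes than it carries could make the copy read past the received data. reply_tcon_and_X starts and ends outside this hunk, so such a check may exist earlier and should be confirmed. The smb_apasslen copy in the first reply_sesssetup_and_X hunk has the same shape. If the check is missing, the condition should also reject a passlen larger than the data remaining in the packet. If it exists, record it next to the copy, for example `/* passlen checked against password[] here; source length in inbuf is validated at <location of check> */`.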
@@ -704,8 +704,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
if (Protocol < PROTOCOL_NT1) {
smb_apasslen = SVAL(inbuf,smb_vwv7);
- if (smb_apasslen > MAX_PASS_LEN)
- overflow_attack(smb_apasslen);
+ if (smb_apasslen > MAX_PASS_LEN) {
+ overflow_attack(smb_apasslen);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
+ }
memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
smb_apasswd[smb_apasslen] = 0;
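Review bot: Because the comparison is `>`, smb_apasslen == MAX_PASS_LEN is accepted and `smb_apasswd[smb_apasslen] = 0` then writes at index MAX_PASS_LEN, so the buffer must be at least MAX_PASS_LEN + 1 bytes. The declaration of smb_apasswd is outside this hunk, so this may already hold. If it is declared with exactly MAX_PASS_LEN elements, the guard should be `if (smb_apasslen >= MAX_PASS_LEN) {`. Either way, a short comment would keep the dependency visible: `/* smb_apasswd needs MAX_PASS_LEN + 1 bytes: terminator is written at [smb_apasslen] */`.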
@@ -738,7 +740,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
doencrypt = False;
if (passlen1 > MAX_PASS_LEN) {
- overflow_attack(passlen1);
+ overflow_attack(passlen1);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
}
passlen1 = MIN(passlen1, MAX_PASS_LEN);
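Review bot: With the early return added, `passlen1 = MIN(passlen1, MAX_PASS_LEN);` directly after the guard can no longer change passlen1, so it now reads as dead code. Since overflow_attack() only logs after this commit (first hunk), the clamp would be the only fallback if the return were ever dropped. Either remove it or keep it deliberately with a comment such as `/* defence in depth: overflow_attack() no longer exits, keep the clamp */`. It would also help to update the comment on overflow_attack() to say that it logs and returns, so that callers know they must return an error themselves. reply_sesssetup_and_X continues outside this hunk, so whether a second password length gets the same check is not visible here.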