summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2001-05-25 02:45:07 +0000
committerAndrew Tridgell <tridge@samba.org>2001-05-25 02:45:07 +0000
commitfe6208d09a380e29831240aeb84365f60d048c00 (patch)
tree0d34d1312702da2fe149402eb645f593dfd2cb35 /source3
parent15e66ba37ae56787897e49039e217b5426924829 (diff)
downloadsamba-fe6208d09a380e29831240aeb84365f60d048c00.tar.gz
samba-fe6208d09a380e29831240aeb84365f60d048c00.tar.bz2
samba-fe6208d09a380e29831240aeb84365f60d048c00.zip
return an error code on password attack, rather than exiting.
otherwise security scanners may think we are vulnerable! (This used to be commit ee8cb88682421464016d56209eecea764bddc032)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/reply.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 914f1801d2..23fedccd88 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -54,7 +54,6 @@ static void overflow_attack(int len)
dbgtext( "attempting to exploit an old bug.\n" );
dbgtext( "Attack was from IP = %s.\n", client_addr() );
}
- exit_server("possible attack");
}
@@ -270,6 +269,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
if (passlen > MAX_PASS_LEN) {
overflow_attack(passlen);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
}
memcpy(password,smb_buf(inbuf),passlen);
@@ -704,8 +704,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
if (Protocol < PROTOCOL_NT1) {
smb_apasslen = SVAL(inbuf,smb_vwv7);
- if (smb_apasslen > MAX_PASS_LEN)
- overflow_attack(smb_apasslen);
+ if (smb_apasslen > MAX_PASS_LEN) {
+ overflow_attack(smb_apasslen);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
+ }
memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
smb_apasswd[smb_apasslen] = 0;
@@ -738,7 +740,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
doencrypt = False;
if (passlen1 > MAX_PASS_LEN) {
- overflow_attack(passlen1);
+ overflow_attack(passlen1);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
}
passlen1 = MIN(passlen1, MAX_PASS_LEN);