diff options
| -rw-r--r-- | source4/smb_server/smb/sesssetup.c | 7 | ||||
| -rw-r--r-- | source4/smb_server/smb2/sesssetup.c | 9 |
2 files changed, 16 insertions, 0 deletions
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 419a8cbf79..6b50bcb48e 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -31,6 +31,7 @@ #include "smbd/service_stream.h" #include "param/param.h" #include "../lib/tsocket/tsocket.h" +#include "lib/stream/packet.h" struct sesssetup_context { struct auth_context *auth_context; @@ -371,6 +372,7 @@ static void sesssetup_spnego_send(struct tevent_req *subreq) DATA_BLOB session_key; status = gensec_update_recv(subreq, req, &sess->spnego.out.secblob); + packet_recv_enable(req->smb_conn->packet); TALLOC_FREE(subreq); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { goto done; @@ -488,6 +490,11 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se if (!subreq) { goto nomem; } + /* disable receipt of more packets on this socket until we've + finished with the session setup. This avoids a problem with + crashes if we get EOF on the socket while processing a session + setup */ + packet_recv_disable(req->smb_conn->packet); tevent_req_set_callback(subreq, sesssetup_spnego_send, s); return; diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c index 9b601d17c0..ddc161d80c 100644 --- a/source4/smb_server/smb2/sesssetup.c +++ b/source4/smb_server/smb2/sesssetup.c @@ -27,6 +27,7 @@ #include "smb_server/smb_server.h" #include "smb_server/smb2/smb2_server.h" #include "smbd/service_stream.h" +#include "lib/stream/packet.h" static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sesssetup *io) { @@ -68,6 +69,8 @@ static void smb2srv_sesssetup_callback(struct tevent_req *subreq) struct auth_session_info *session_info = NULL; NTSTATUS status; + packet_recv_enable(req->smb_conn->packet); + status = gensec_update_recv(subreq, req, &io->smb2.out.secblob); TALLOC_FREE(subreq); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { @@ -199,6 +202,12 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses goto failed; } + /* disable receipt of more packets on this socket until we've + finished with the session setup. This avoids a problem with + crashes if we get EOF on the socket while processing a session + setup */ + packet_recv_disable(req->smb_conn->packet); + return; nomem: status = NT_STATUS_NO_MEMORY; |