-rw-r--r--source3/smbd/reply.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 914f1801d2..23fedccd88 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -54,7 +54,6 @@ static void overflow_attack(int len)
dbgtext( "attempting to exploit an old bug.\n" );
dbgtext( "Attack was from IP = %s.\n", client_addr() );
}
- exit_server("possible attack");
}
@@ -270,6 +269,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
if (passlen > MAX_PASS_LEN) {
overflow_attack(passlen);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
}
memcpy(password,smb_buf(inbuf),passlen);
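Review bot: With `exit_server("possible attack")` removed from `overflow_attack()` in the first hunk, the helper only logs, so this added `return` is now the only thing keeping an oversized `passlen` away from the `memcpy` that follows. Any call site of `overflow_attack()` not touched by this commit would now fall through to its copy, so the remaining callers should be checked; none are visible in this diff. I would also document the new contract above the helper, for example `/* Logs the attempt only; the caller must return an error and must not use len. */`. Both function bodies continue outside their hunks.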
@@ -704,8 +704,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
if (Protocol < PROTOCOL_NT1) {
smb_apasslen = SVAL(inbuf,smb_vwv7);
- if (smb_apasslen > MAX_PASS_LEN)
- overflow_attack(smb_apasslen);
+ if (smb_apasslen > MAX_PASS_LEN) {
+ overflow_attack(smb_apasslen);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
+ }
memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
smb_apasswd[smb_apasslen] = 0;
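Review bot: The new guard bounds `smb_apasslen` by `MAX_PASS_LEN` only, but the value is read straight from the request (`SVAL(inbuf,smb_vwv7)`) and is not compared with the amount of data actually present after `smb_buf(inbuf)`. A short packet that claims a long password could therefore make the `memcpy` read past the received data. Rejecting lengths larger than the remaining packet bytes before the copy would close that gap; the available length is not visible in this hunk, so the exact expression is left to the author. Separately, `smb_apasswd[smb_apasslen] = 0` writes index `MAX_PASS_LEN` when the length equals the limit, which is safe only if the array holds at least `MAX_PASS_LEN+1` bytes; the declaration is outside the hunk and should be confirmed.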
@@ -738,7 +740,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
doencrypt = False;
if (passlen1 > MAX_PASS_LEN) {
- overflow_attack(passlen1);
+ overflow_attack(passlen1);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
}
passlen1 = MIN(passlen1, MAX_PASS_LEN);
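Review bot: After the added `return`, the context line `passlen1 = MIN(passlen1, MAX_PASS_LEN);` can no longer change the value, because anything larger has already been rejected. Either drop it or keep it deliberately with a comment such as `/* defence in depth: oversized lengths are rejected above */`, so a reader does not assume truncation is the intended handling. The hunk does not show whether the second password length in this branch gets the same reject-and-return treatment; if it is only clamped, the two should be made consistent. The body of reply_sesssetup_and_X continues outside the hunk.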