From 2fa922611bf7160e2c1ce80c11b50006448bf98d Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Tue, 11 Apr 2000 13:55:53 +0000
Subject: finally got sick of the "extern int Client" code and the stupid assumption that we have one socket everywhere while doing so I discovered a few bugs! 1) the clientgen session retarget code if used from smbd or nmbd would cause a crash as it called close_sockets() which closed our main socket! fixed by removing close_sockets() completely - it is unnecessary 2) the caching in client_addr() and client_name() was bogus - it could easily get fooled and give the wrong result. fixed. 3) the retarget could could recurse, allowing an easy denial of service attack on nmbd. fixed. (This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
---
 source3/libsmb/clientgen.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
(limited to 'source3/libsmb/clientgen.c')
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 29c228ecfa..6472cf0380 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -88,10 +88,9 @@ static BOOL cli_send_smb(struct cli_state *cli)
 }
 }
 if (ret <= 0) {
- DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n",
+ DEBUG(0,("Error writing %d bytes to client. %d\n",
 (int)len,(int)ret));
- close_sockets();
- exit(1);
+ return False;
 }
 nwritten += ret;
 }
@@ -1516,11 +1515,11 @@ size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t
 if (size2 > block) {
 DEBUG(0,("server returned more than we wanted!\n"));
- exit(1);
+ return -1;
 }
 if (mid >= issued) {
 DEBUG(0,("invalid mid from server!\n"));
- exit(1);
+ return -1;
 }
 p = smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_vwv6);
@@ -2551,7 +2550,6 @@ retry:
 /* SESSION RETARGET */
 putip((char *)&cli->dest_ip,cli->inbuf+4);
- close_sockets();
 cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, port, LONG_CONNECT_TIMEOUT);
 if (cli->fd == -1) return False;
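Review bot: The new `return False;` in the `ret <= 0` branch can be reached after earlier loop passes have already added to `nwritten`, so the peer may be left holding a partial SMB packet and the connection must not be reused for another request. Before this change the process exited here, so callers of `cli_send_smb` (outside this diff) may never have handled a failure; each of them now has to check the result and give up on `cli->fd`. I would add a comment above the return, `/* a partial packet may already be on the wire: caller must treat cli->fd as dead */`. The body of `cli_send_smb` starts and ends outside the hunk.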
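Review bot: Both added `return -1;` statements sit in a function the hunk header declares as `size_t cli_read(...)`, so the caller receives `(size_t)-1`, the largest possible length, rather than a negative error. A caller that tests the result with `< 0` will never see the failure, and one that uses it as a byte count would trust far more data than `buf` can hold. Either change the return type to `ssize_t` (the callers are outside this diff and would need checking) or make the sentinel explicit with `return (size_t)-1;` and document it in the function comment. The function body starts and ends outside the hunk, so whether replies still outstanding are drained before returning cannot be seen here.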
@@ -2561,7 +2559,18 @@ retry:
 set_socket_options(cli->fd,user_socket_options);
 /* Try again */
- return cli_session_request(cli, calling, called);
+ {
+ static int depth;
+ BOOL ret;
+ if (depth > 4) {
+ DEBUG(0,("Retarget recursion - failing\n"));
+ return False;
+ }
+ depth++;
+ ret = cli_session_request(cli, calling, called);
+ depth--;
+ return ret;
+ }
 } /* C. Hoch 9/14/95 End */
 #ifdef WITH_SSL
-- cgit
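Review bot: The recursion limit is kept in a function-level `static int depth`, which is shared by every `cli_state` in the process, so the guard is only correct while this code runs single-threaded and `cli_session_request` always returns normally. A named limit would also make the bound auditable: `depth > 4` admits five nested retargets, each connecting to an address read from `cli->inbuf`, that is, one chosen by the server. I would write `#define CLI_MAX_RETARGET 4` and `if (depth > CLI_MAX_RETARGET) {`, with a comment saying the counter is process-wide. The retarget hunk above reassigns `cli->fd` with no visible close of the previous descriptor, so unless that happens outside the shown lines each level also leaks a socket. The enclosing function starts outside the hunk.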