From ac647d03ac271b0a81b6c8041e2c6b84ada13aca Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 19 Oct 2008 13:44:11 +0200 Subject: Move the global hosts_allow() check out of the processing loop --- source3/smbd/process.c | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) (limited to 'source3/smbd/process.c') diff --git a/source3/smbd/process.c b/source3/smbd/process.c index ceffd6f46c..7b0d14968a 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1534,25 +1534,6 @@ static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool enc DO_PROFILE_INC(smb_count); - if (trans_num == 0) { - char addr[INET6_ADDRSTRLEN]; - - /* on the first packet, check the global hosts allow/ hosts - deny parameters before doing any parsing of the packet - passed to us by the client. This prevents attacks on our - parsing code from hosts not in the hosts allow list */ - - if (!check_access(smbd_server_fd(), lp_hostsallow(-1), - lp_hostsdeny(-1))) { - /* send a negative session response "not listening on calling name" */ - static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; - DEBUG( 1, ( "Connection denied from %s\n", - client_addr(get_client_fd(),addr,sizeof(addr)) ) ); - (void)srv_send_smb(smbd_server_fd(),(char *)buf,false); - exit_server_cleanly("connection denied"); - } - } - DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type, smb_len(inbuf) ) ); DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num, @@ -1893,6 +1874,28 @@ void smbd_process(void) unsigned int num_smbs = 0; size_t unread_bytes = 0; + char addr[INET6_ADDRSTRLEN]; + + /* + * Before the first packet, check the global hosts allow/ hosts deny + * parameters before doing any parsing of packets passed to us by the + * client. This prevents attacks on our parsing code from hosts not in + * the hosts allow list. + */ + + if (!check_access(smbd_server_fd(), lp_hostsallow(-1), + lp_hostsdeny(-1))) { + /* + * send a negative session response "not listening on calling + * name" + */ + unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; + DEBUG( 1, ("Connection denied from %s\n", + client_addr(get_client_fd(),addr,sizeof(addr)) ) ); + (void)srv_send_smb(smbd_server_fd(),(char *)buf,false); + exit_server_cleanly("connection denied"); + } + max_recv = MIN(lp_maxxmit(),BUFFER_SIZE); while (True) { -- cgit From 1510b7b8c99ea64a8fabdb89c5868b2f5895fdbf Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 19 Oct 2008 14:50:55 +0200 Subject: Use a direct compare instead of calling strncmp in valid_smb_header --- source3/smbd/process.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/smbd/process.c') diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 7b0d14968a..c74c7fd445 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -105,7 +105,11 @@ static bool valid_smb_header(const uint8_t *inbuf) if (is_encrypted_packet(inbuf)) { return true; } - return (strncmp(smb_base(inbuf),"\377SMB",4) == 0); + /* + * This used to be (strncmp(smb_base(inbuf),"\377SMB",4) == 0) + * but it just looks weird to call strncmp for this one. + */ + return (IVAL(smb_base(inbuf), 0) == 0x424D53FF); } /* Socket functions for smbd packet processing. */ -- cgit From 48d3a1d2fb5569ab11ffef8b903af91d77d326a3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 19 Oct 2008 15:17:12 +0200 Subject: "fn_new"->"fn" in smb_messages[], we got beyond that :-) --- source3/smbd/process.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/smbd/process.c') diff --git a/source3/smbd/process.c b/source3/smbd/process.c index c74c7fd445..a8b93d8e1c 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -978,7 +978,7 @@ force write permissions on print services. */ static const struct smb_message_struct { const char *name; - void (*fn_new)(struct smb_request *req); + void (*fn)(struct smb_request *req); int flags; } smb_messages[256] = { @@ -1354,7 +1354,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in exit_server_cleanly("Non-SMB packet"); } - if (smb_messages[type].fn_new == NULL) { + if (smb_messages[type].fn == NULL) { DEBUG(0,("Unknown message type %d!\n",type)); smb_dump("Unknown", 1, (char *)req->inbuf, size); reply_unknown_new(req, type); @@ -1476,7 +1476,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in return conn; } - smb_messages[type].fn_new(req); + smb_messages[type].fn(req); return req->conn; } -- cgit