From fe6208d09a380e29831240aeb84365f60d048c00 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Fri, 25 May 2001 02:45:07 +0000
Subject: return an error code on password attack, rather than exiting. otherwise security scanners may think we are vulnerable! (This used to be commit ee8cb88682421464016d56209eecea764bddc032)
---
 source3/smbd/reply.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'source3/smbd/reply.c')
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 914f1801d2..23fedccd88 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -54,7 +54,6 @@ static void overflow_attack(int len)
 dbgtext( "attempting to exploit an old bug.\n" );
 dbgtext( "Attack was from IP = %s.\n", client_addr() );
 }
- exit_server("possible attack");
 }
@@ -270,6 +269,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 if (passlen > MAX_PASS_LEN) {
 overflow_attack(passlen);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
 }
 memcpy(password,smb_buf(inbuf),passlen);
@@ -704,8 +704,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 if (Protocol < PROTOCOL_NT1) {
 smb_apasslen = SVAL(inbuf,smb_vwv7);
- if (smb_apasslen > MAX_PASS_LEN)
- overflow_attack(smb_apasslen);
+ if (smb_apasslen > MAX_PASS_LEN) {
+ overflow_attack(smb_apasslen);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
+ }
 memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
 smb_apasswd[smb_apasslen] = 0;
@@ -738,7 +740,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 doencrypt = False;
 if (passlen1 > MAX_PASS_LEN) {
- overflow_attack(passlen1);
+ overflow_attack(passlen1);
+ return(ERROR(ERRDOS,ERRbuftoosmall));
 }
 passlen1 = MIN(passlen1, MAX_PASS_LEN);
-- cgit
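Review bot: The `memcpy(password,smb_buf(inbuf),passlen)` after the new `return` is now protected only by that caller-side return, because the first hunk turns `overflow_attack()` into a log-only helper, and nothing at the call site says so. A comment above the call such as `/* overflow_attack() only logs; we must reject the request ourselves */`, with a matching line on `overflow_attack()` itself, would keep a later caller from assuming it still terminates the server. The function is static and this diff updates three call sites; any other call site in reply.c that is not shown would now fall through to its copy, so that is worth confirming. `reply_tcon_and_X` starts and ends outside the hunk.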
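Review bot: A length equal to `MAX_PASS_LEN` passes the new `>` guard, and the context line `smb_apasswd[smb_apasslen] = 0;` then writes at index `MAX_PASS_LEN`, so the buffer has to hold at least `MAX_PASS_LEN + 1` bytes. The declaration of `smb_apasswd` is outside the hunk; if it turns out to be sized exactly `MAX_PASS_LEN`, the test should read `if (smb_apasslen >= MAX_PASS_LEN) {`. Separately, the guard bounds only the destination: no comparison of `smb_apasslen` with the bytes actually received after `smb_buf(inbuf)` is visible here, so the `memcpy` can read past the request unless that is checked elsewhere in `reply_sesssetup_and_X`.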
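Review bot: With the added `return`, the context line `passlen1 = MIN(passlen1, MAX_PASS_LEN);` can no longer change `passlen1`, since any larger value has already left the function; it could be dropped, or kept with a comment such as `/* defensive: already bounded by the check above */`. The removed and re-added `overflow_attack(passlen1);` lines are textually identical in this view, so that part is presumably an indentation-only change. The same check, log and `return(ERROR(ERRDOS,ERRbuftoosmall))` sequence now appears three times (here and in the two preceding hunks); a small helper that logs and returns the error would stop the sites from drifting apart. `reply_sesssetup_and_X` continues outside the hunk.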