From c2f5b2466bb05939c953341517da6d9df814b27c Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 2 Oct 2012 17:30:54 -0700
Subject: Fix bug #9214 - Bad user supplied SMB2 credit value can cause smbd to call smb_panic. Terminate the connection cleanly instead.
---
 source3/smbd/smb2_server.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/smbd')
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index dcaefb1689..d92302ede5 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -780,7 +780,12 @@ static void smb2_set_operation_credit(struct smbd_server_connection *sconn,
 out_status = NT_STATUS(IVAL(outhdr, SMB2_HDR_STATUS));
 SMB_ASSERT(sconn->smb2.max_credits >= sconn->smb2.credits_granted);
- SMB_ASSERT(sconn->smb2.max_credits >= credit_charge);
+
+ if (sconn->smb2.max_credits < credit_charge) {
+ smbd_server_connection_terminate(sconn,
+ "client error: credit charge > max credits\n");
+ return;
+ }
 if (out_flags & SMB2_HDR_FLAG_ASYNC) {
 /*
-- cgit
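Review bot: The new `if (sconn->smb2.max_credits < credit_charge)` check sits in smb2_set_operation_credit next to the code that reads `out_status` from `outhdr`, so it appears to run while the reply is being prepared; if so, a request carrying an oversized credit charge has already been processed before it is rejected, and validating the charge where the request header is first parsed would refuse it earlier. Because the function returns void, the caller cannot tell that the connection was terminated; if smbd_server_connection_terminate() can return, the caller would continue with the reply, so either confirm it does not return or signal the failure to the caller. The surviving `SMB_ASSERT(sconn->smb2.max_credits >= sconn->smb2.credits_granted)` still panics, so it is worth confirming that neither value can be driven by the client and recording that in a comment such as `/* server-side invariant, not client-controlled */`. The function body starts and ends outside the hunk, so the origin of credit_charge is not visible here.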