From d0b0ed90ebc0ed5d4b8c07c8362753df34a00ef9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 29 Jun 2006 21:30:58 +0000 Subject: r16696: Fix the multiple-outstanding write and trans client signing bug. Jeremy. (This used to be commit 3b7fbe856cea7cbb5bf91844f94f221be0a2c627) --- source3/libsmb/smb_signing.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c index d68f161e23..68c259ba03 100644 --- a/source3/libsmb/smb_signing.c +++ b/source3/libsmb/smb_signing.c @@ -332,7 +332,22 @@ static void client_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) /* cli->outbuf[smb_ss_field+2]=0; Uncomment this to test if the remote server actually verifies signatures...*/ - data->send_seq_num += 2; + /* Instead of re-introducing the trans_info_conect we + used to have here, we use the fact that during a + SMBtrans/SMBtrans2/SMBnttrans send that the mid stays + constant. This means that calling store_sequence_for_reply() + will return False for all trans secondaries, as the mid is already + on the stored sequence list. As the send_seqence_number must + remain constant for all primary+secondary trans sends, we + only increment the send sequence number when we successfully + add a new entry to the outstanding sequence list. This means + I can isolate the fix here rather than re-adding the trans + signing on/off calls in libsmb/clitrans2.c JRA. + */ + + if (store_sequence_for_reply(&data->outstanding_packet_list, SVAL(outbuf,smb_mid), data->send_seq_num + 1)) { + data->send_seq_num += 2; + } } /*********************************************************** @@ -356,7 +371,12 @@ static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si, return False; } - reply_seq_number = data->send_seq_num - 1; + if (!get_sequence_for_reply(&data->outstanding_packet_list, SVAL(inbuf, smb_mid), &reply_seq_number)) { + DEBUG(1, ("client_check_incoming_message: received message " + "with mid %u with no matching send record.\n", (unsigned int)SVAL(inbuf, smb_mid) )); + return False; + } + simple_packet_signature(data, (const unsigned char *)inbuf, reply_seq_number, calc_md5_mac); -- cgit