From ea3db09f696b199171e78720d95197f458b15e93 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Thu, 19 Sep 2013 11:18:32 -0700 Subject: libcli: continue to read from the socket even if the size is 0 This is an issue found by Codenomicon, with a malicious packet with 0 bytes UDP payload we will continiously be looping trying to react from the socket event and continiously do nothing as we will bail out thinking that we had a memory allocation error. Original fix comes from Volker Lendecke Signed-off-by: Matthieu Patou Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104 --- source4/libcli/dgram/dgramsocket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/libcli') diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c index 3f06dc72bd..cd6d3e4c74 100644 --- a/source4/libcli/dgram/dgramsocket.c +++ b/source4/libcli/dgram/dgramsocket.c @@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock) } blob = data_blob_talloc(tmp_ctx, NULL, dsize); - if (blob.data == NULL) { + if ((dsize != 0) && (blob.data == NULL)) { talloc_free(tmp_ctx); return; } -- cgit