From ea3db09f696b199171e78720d95197f458b15e93 Mon Sep 17 00:00:00 2001
From: Matthieu Patou <mat@matws.net>
Date: Thu, 19 Sep 2013 11:18:32 -0700
Subject: libcli: continue to read from the socket even if the size is 0

This is an issue found by Codenomicon, with a malicious packet with 0
bytes UDP payload we will continiously be looping trying to react from
the socket event and continiously do nothing as we will bail out
thinking that we had a memory allocation error.

Original fix comes from Volker Lendecke <vl@samba.org>

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104
---
 source4/libcli/dgram/dgramsocket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4')

diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c
index 3f06dc72bd..cd6d3e4c74 100644
--- a/source4/libcli/dgram/dgramsocket.c
+++ b/source4/libcli/dgram/dgramsocket.c
@@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock)
 	}
 
 	blob = data_blob_talloc(tmp_ctx, NULL, dsize);
-	if (blob.data == NULL) {
+	if ((dsize != 0) && (blob.data == NULL)) {
 		talloc_free(tmp_ctx);
 		return;
 	}
-- 
cgit