s3:libsmb: check the wct of the incoming SMBnegprot responses

author Stefan Metzmacher <metze@samba.org>

Mon, 12 Sep 2011 19:06:53 +0000 (12:06 -0700)

committer Karolin Seeger <kseeger@samba.org>

Thu, 15 Sep 2011 18:38:22 +0000 (20:38 +0200)
author Stefan Metzmacher <metze@samba.org>
Mon, 12 Sep 2011 19:06:53 +0000 (12:06 -0700)
committer Karolin Seeger <kseeger@samba.org>
Thu, 15 Sep 2011 18:38:22 +0000 (20:38 +0200)
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c

index d3248993bd9bb0e9e8663f265a613f3bf3b6e54d..81c1819964fa4db07c764acafc5c55739c85bfce 100644 (file)
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2643,6 +2643,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
                 struct timespec ts;
                 bool negotiated_smb_signing = false;
  
+               if (wct != 0x11) {
+                       tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+                       return;
+               }
+
                 /* NT protocol */
                 cli->sec_mode = CVAL(vwv + 1, 0);
                 cli->max_mux = SVAL(vwv + 1, 1);
@@ -2716,6 +2721,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
                 }
  
         } else if (cli->protocol >= PROTOCOL_LANMAN1) {
+               if (wct != 0x0D) {
+                       tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+                       return;
+               }
+
                 cli->use_spnego = False;
                 cli->sec_mode = SVAL(vwv + 1, 0);
                 cli->max_xmit = SVAL(vwv + 2, 0);
author	Stefan Metzmacher <metze@samba.org>
	Mon, 12 Sep 2011 19:06:53 +0000 (12:06 -0700)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 15 Sep 2011 18:38:22 +0000 (20:38 +0200)