s3:smbd: fix a NULL pointer deference caused by smb2srv_update_crypto_flags()
authorStefan Metzmacher <metze@samba.org>
Thu, 10 Jun 2021 16:03:15 +0000 (16:03 +0000)
committerStefan Metzmacher <metze@samba.org>
Thu, 15 Jul 2021 00:06:31 +0000 (00:06 +0000)
When we used a fake session structure from
smb2srv_session_lookup_global() there's no point in updating
any database.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
selftest/knownfail.d/smb2.session
source3/smbd/smb2_server.c

index d5a0770c3a4416f52a2b3a7dcf962ad3ac4b2dc4..4521b67888e5da397a4d6aced70501a6cb24091e 100644 (file)
@@ -1,30 +1,9 @@
-^samba3.smb2.session.*bind_negative_smb3encGtoC
-^samba3.smb2.session.plain.bind_negative_smb202.nt4_dc
-^samba3.smb2.session.plain.bind_negative_smb210d.nt4_dc
-^samba3.smb2.session.plain.bind_negative_smb2to3d.nt4_dc
-^samba3.smb2.session.plain.bind_negative_smb3to2d.nt4_dc
-^samba3.smb2.session.plain.bind_negative_smb3to3d.nt4_dc
-^samba3.smb2.session.enc.bind_negative_smb3to3d.nt4_dc
-^samba3.smb2.session.ntlm.bind_negative_smb202.ad_dc
+^samba3.smb2.session.*bind_negative_smb3encGtoCs
 ^samba3.smb2.session.ntlm.bind_negative_smb210s.ad_dc
-^samba3.smb2.session.ntlm.bind_negative_smb210d.ad_dc
 ^samba3.smb2.session.ntlm.bind_negative_smb2to3s.ad_dc
-^samba3.smb2.session.ntlm.bind_negative_smb2to3d.ad_dc
 ^samba3.smb2.session.ntlm.bind_negative_smb3to2s.ad_dc
-^samba3.smb2.session.ntlm.bind_negative_smb3to2d.ad_dc
 ^samba3.smb2.session.ntlm.bind_negative_smb3to3s.ad_dc
-^samba3.smb2.session.ntlm.bind_negative_smb3to3d.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb202.ad_dc
 ^samba3.smb2.session.krb5.bind_negative_smb210s.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb210d.ad_dc
 ^samba3.smb2.session.krb5.bind_negative_smb2to3s.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb2to3d.ad_dc
 ^samba3.smb2.session.krb5.bind_negative_smb3to2s.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb3to2d.ad_dc
 ^samba3.smb2.session.krb5.bind_negative_smb3to3s.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb3to3d.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb202.ad_member_idmap_rid
-^samba3.smb2.session.krb5.bind_negative_smb210d.ad_member_idmap_rid
-^samba3.smb2.session.krb5.bind_negative_smb2to3d.ad_member_idmap_rid
-^samba3.smb2.session.krb5.bind_negative_smb3to2d.ad_member_idmap_rid
-^samba3.smb2.session.krb5.bind_negative_smb3to3d.ad_member_idmap_rid
index 57a1085e11e14a94caf25f527f46c1a0e54ac2e7..991a336855a7481d194e8d872a5386cd66341166 100644 (file)
@@ -2748,6 +2748,18 @@ static void smb2srv_update_crypto_flags(struct smbd_smb2_request *req,
        bool update_session = false;
        bool update_tcon = false;
 
+       if (session->table == NULL) {
+               /*
+                * sessions from smb2srv_session_lookup_global()
+                * have NT_STATUS_BAD_LOGON_SESSION_STATE
+                * and session->table == NULL.
+                *
+                * They only used to give the correct error
+                * status, we should not update any state.
+                */
+               goto out;
+       }
+
        if (req->was_encrypted && req->do_encryption) {
                encrypt_flag = SMBXSRV_PROCESSED_ENCRYPTED_PACKET;
                sign_flag = SMBXSRV_PROCESSED_SIGNED_PACKET;
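Review bot: The new guard at the top of smb2srv_update_crypto_flags() identifies a placeholder session only by `session->table == NULL`, an invariant the comment attributes to smb2srv_session_lookup_global() but which nothing visible in this hunk enforces. Other code that reaches `session->table` or `session->global` for such a session would presumably need the same check, so the invariant is worth documenting where the placeholder session is built, or wrapping in a small named predicate. The early `goto out` is safe for the out-parameters, because `update_session` and `update_tcon` are initialised to false before the guard. The comment's second paragraph has a dropped word; I would write `They are only used to return the correct error status, so we must not update any state.` The function's declarations and the rest of its body lie outside this hunk, so I cannot confirm that `session` is not dereferenced before the guard.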
@@ -2773,6 +2785,7 @@ static void smb2srv_update_crypto_flags(struct smbd_smb2_request *req,
                        &tcon->global->signing_flags, sign_flag);
        }
 
+out:
        *update_session_globalp = update_session;
        *update_tcon_globalp = update_tcon;
        return;