From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 23 Dec 2015 10:05:45 +0000 (+0100)
Subject: CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destru... 
X-Git-Tag: samba-4.2.10~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e0b06a895002842fa7516d5e0364f0fbca85a64;p=thirdparty%2Fsamba.git

CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/libcli/smb/tstream_smbXcli_np.c b/libcli/smb/tstream_smbXcli_np.c
index 9cd6302c8c7..248bfb02cfc 100644
--- a/libcli/smb/tstream_smbXcli_np.c
+++ b/libcli/smb/tstream_smbXcli_np.c
@@ -111,7 +111,11 @@ static int tstream_smbXcli_np_destructor(struct tstream_smbXcli_np *cli_nps)
 	 * Once we've fixed all callers to call
 	 * tstream_disconnect_send()/_recv(), this will
 	 * never be called.
+	 *
+	 * We use a maximun timeout of 1 second == 1000 msec.
 	 */
+	cli_nps->timeout = MIN(cli_nps->timeout, 1000);
+
 	if (cli_nps->is_smb1) {
 		status = smb1cli_close(cli_nps->conn,
 				       cli_nps->timeout,