From: Stefan Metzmacher Date: Thu, 10 Jun 2021 16:03:15 +0000 (+0000) Subject: s3:smbd: fix a NULL pointer deference caused by smb2srv_update_crypto_flags() X-Git-Tag: samba-4.15.0rc1~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa29d89942355f988815d3b4b562bf3cf0f26b94;p=thirdparty%2Fsamba.git s3:smbd: fix a NULL pointer deference caused by smb2srv_update_crypto_flags() When we used a fake session structure from smb2srv_session_lookup_global() there's no point in updating any database. Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison
---
diff --git a/selftest/knownfail.d/smb2.session b/selftest/knownfail.d/smb2.session
index d5a0770c3a4..4521b67888e 100644
--- a/selftest/knownfail.d/smb2.session
+++ b/selftest/knownfail.d/smb2.session
@@ -1,30 +1,9 @@
-^samba3.smb2.session.*bind_negative_smb3encGtoC
-^samba3.smb2.session.plain.bind_negative_smb202.nt4_dc
-^samba3.smb2.session.plain.bind_negative_smb210d.nt4_dc
-^samba3.smb2.session.plain.bind_negative_smb2to3d.nt4_dc
-^samba3.smb2.session.plain.bind_negative_smb3to2d.nt4_dc
-^samba3.smb2.session.plain.bind_negative_smb3to3d.nt4_dc
-^samba3.smb2.session.enc.bind_negative_smb3to3d.nt4_dc
-^samba3.smb2.session.ntlm.bind_negative_smb202.ad_dc
+^samba3.smb2.session.*bind_negative_smb3encGtoCs
 ^samba3.smb2.session.ntlm.bind_negative_smb210s.ad_dc
-^samba3.smb2.session.ntlm.bind_negative_smb210d.ad_dc
 ^samba3.smb2.session.ntlm.bind_negative_smb2to3s.ad_dc
-^samba3.smb2.session.ntlm.bind_negative_smb2to3d.ad_dc
 ^samba3.smb2.session.ntlm.bind_negative_smb3to2s.ad_dc
-^samba3.smb2.session.ntlm.bind_negative_smb3to2d.ad_dc
 ^samba3.smb2.session.ntlm.bind_negative_smb3to3s.ad_dc
-^samba3.smb2.session.ntlm.bind_negative_smb3to3d.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb202.ad_dc
 ^samba3.smb2.session.krb5.bind_negative_smb210s.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb210d.ad_dc
 ^samba3.smb2.session.krb5.bind_negative_smb2to3s.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb2to3d.ad_dc
 ^samba3.smb2.session.krb5.bind_negative_smb3to2s.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb3to2d.ad_dc
 ^samba3.smb2.session.krb5.bind_negative_smb3to3s.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb3to3d.ad_dc
-^samba3.smb2.session.krb5.bind_negative_smb202.ad_member_idmap_rid
-^samba3.smb2.session.krb5.bind_negative_smb210d.ad_member_idmap_rid
-^samba3.smb2.session.krb5.bind_negative_smb2to3d.ad_member_idmap_rid
-^samba3.smb2.session.krb5.bind_negative_smb3to2d.ad_member_idmap_rid
-^samba3.smb2.session.krb5.bind_negative_smb3to3d.ad_member_idmap_rid
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 57a1085e11e..991a336855a 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2748,6 +2748,18 @@ static void smb2srv_update_crypto_flags(struct smbd_smb2_request *req,
 bool update_session = false;
 bool update_tcon = false;
+ if (session->table == NULL) {
+ /*
+ * sessions from smb2srv_session_lookup_global()
+ * have NT_STATUS_BAD_LOGON_SESSION_STATE
+ * and session->table == NULL.
+ *
+ * They only used to give the correct error
+ * status, we should not update any state.
+ */
+ goto out;
+ }
+
 if (req->was_encrypted && req->do_encryption) {
 encrypt_flag = SMBXSRV_PROCESSED_ENCRYPTED_PACKET;
 sign_flag = SMBXSRV_PROCESSED_SIGNED_PACKET;
@@ -2773,6 +2785,7 @@ static void smb2srv_update_crypto_flags(struct smbd_smb2_request *req,
 &tcon->global->signing_flags, sign_flag);
 }
+out:
 *update_session_globalp = update_session;
 *update_tcon_globalp = update_tcon;
 return;
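Review bot: The early exit in smb2srv_update_crypto_flags() recognises the placeholder session only through the implicit `session->table == NULL` invariant, and the comment does not say which later access it protects. I would reword the last sentence of the comment to `They are only used to give the correct error status, so we must not update any state.` and add that the update flags stay false so that no database write is attempted for such a session, which is what the commit message implies. The code that acts on `*update_session_globalp` is outside this hunk; if it reaches the database through `session->table`, a check for `session->table != NULL` at that point would keep this crash from returning should another path set the flag. The function begins above the hunk, so whether `session` itself can be NULL at the new test cannot be confirmed from here.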