smbXsrv_client: correctly check in negotiate_request.length smbXsrv_client_connection...
authorStefan Metzmacher <metze@samba.org>
Tue, 30 Aug 2022 14:56:12 +0000 (16:56 +0200)
committerJeremy Allison <jra@samba.org>
Fri, 2 Sep 2022 20:02:29 +0000 (20:02 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/smbd/smbXsrv_client.c

index 079ca80ad121b4208d88b7a59909dde6da69be05..7cf51b2d0226293589b15a4ada1ffbb6b7becbe7 100644 (file)
@@ -614,10 +614,6 @@ static bool smb2srv_client_mc_negprot_filter(struct messaging_rec *rec, void *pr
                return false;
        }
 
-       if (rec->buf.length < SMB2_HDR_BODY) {
-               return false;
-       }
-
        return true;
 }
 
@@ -707,6 +703,14 @@ static void smb2srv_client_mc_negprot_done(struct tevent_req *subreq)
                return;
        }
 
+       if (passed_info0->negotiate_request.length != 0) {
+               DBG_ERR("negotiate_request.length[%zu]\n",
+                       passed_info0->negotiate_request.length);
+               NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob);
+               tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+               return;
+       }
+
        tevent_req_nterror(req, NT_STATUS_MESSAGE_RETRIEVED);
 }
 
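Review bot: The `NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob)` call in the new `negotiate_request.length != 0` branch is unconditional, while the matching dump in smbXsrv_client_connection_pass_loop (the last hunk) sits inside `if (DEBUGLVL(DBGLVL_WARNING))`. Wrapping it the same way, `if (DEBUGLVL(DBGLVL_ERR)) { NDR_PRINT_DEBUG(smbXsrv_connection_passB, &passed_blob); }`, would keep the two paths consistent and make explicit at which level the full inter-process blob reaches the log. A short comment such as `/* the reply to a passed connection must not carry a negotiate request */` would also explain why any non-zero length becomes NT_STATUS_INTERNAL_ERROR; that reading is inferred from the check itself, so please confirm it. The body of smb2srv_client_mc_negprot_done starts above the hunk.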
@@ -931,12 +935,6 @@ static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, voi
                return false;
        }
 
-       if (rec->buf.length < SMB2_HDR_BODY) {
-               return false;
-       }
-
-       /* TODO: verify client_guid...? */
-
        return true;
 }
 
@@ -1029,6 +1027,15 @@ static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq)
                goto next;
        }
 
+       if (pass_info0->negotiate_request.length < SMB2_HDR_BODY) {
+               DBG_WARNING("negotiate_request.length[%zu]\n",
+                           pass_info0->negotiate_request.length);
+               if (DEBUGLVL(DBGLVL_WARNING)) {
+                       NDR_PRINT_DEBUG(smbXsrv_connection_passB, &pass_blob);
+               }
+               goto next;
+       }
+
        status = smb2srv_client_connection_passed(client, pass_info0);
        if (!NT_STATUS_IS_OK(status)) {
                const char *r = "smb2srv_client_connection_passed() failed";
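Review bot: The new guard `pass_info0->negotiate_request.length < SMB2_HDR_BODY` only guarantees that the fixed SMB2 header is present, so any read of the negotiate body in smb2srv_client_connection_passed() or later still needs its own bounds check; that code is outside the hunk and cannot be confirmed from here. Because the blob arrives in a message from another process, a comment above the check would help, e.g. `/* validate the embedded request; rec->buf.length covers the whole NDR-encoded message */`. The filter hunk above also drops `/* TODO: verify client_guid...? */` with no replacement check visible on this page; if the GUID is verified elsewhere, saying so in the commit message would close that question. The function continues past the end of the hunk.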