sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-29 13:49:30 +03:00
Code Activity

Fix signing bug found by Volker. That one was *subtle*.

Browse Source 
Jeremy
This commit is contained in:
Jeremy Allison
2007-12-04 13:30:29 -08:00
parent 33860a8434
commit 040db1ce85
2 changed files with 5 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
source/libsmb/clitrans.c
View File

@ -95,14 +95,9 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
return False; return False;
} }
/* Note we're in a trans state. Save the sequence
* numbers for replies. */
client_set_trans_sign_state_on(cli, mid);
if (this_ldata < ldata || this_lparam < lparam) { if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */ /* receive interim response */
if (!cli_receive_smb(cli) || cli_is_error(cli)) { if (!cli_receive_smb(cli) || cli_is_error(cli)) {
client_set_trans_sign_state_off(cli, mid);
return(False); return(False);
} }
@ -144,7 +139,6 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
show_msg(cli->outbuf); show_msg(cli->outbuf);
if (!cli_send_smb(cli)) { if (!cli_send_smb(cli)) {
client_set_trans_sign_state_off(cli, mid);
return False; return False;
} }
@ -323,7 +317,6 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
out: out:
client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
return ret; return ret;
} }
@ -391,14 +384,9 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
return False; return False;
} }
/* Note we're in a trans state. Save the sequence
* numbers for replies. */
client_set_trans_sign_state_on(cli, mid);
if (this_ldata < ldata || this_lparam < lparam) { if (this_ldata < ldata || this_lparam < lparam) {
/* receive interim response */ /* receive interim response */
if (!cli_receive_smb(cli) || cli_is_error(cli)) { if (!cli_receive_smb(cli) || cli_is_error(cli)) {
client_set_trans_sign_state_off(cli, mid);
return(False); return(False);
} }
@ -440,7 +428,6 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
show_msg(cli->outbuf); show_msg(cli->outbuf);
if (!cli_send_smb(cli)) { if (!cli_send_smb(cli)) {
client_set_trans_sign_state_off(cli, mid);
return False; return False;
} }
@ -640,6 +627,5 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
out: out:
client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid));
return ret; return ret;
} }

75
source/libsmb/smb_signing.c
View File

@ -26,7 +26,6 @@ struct outstanding_packet_lookup {
struct outstanding_packet_lookup *prev, *next; struct outstanding_packet_lookup *prev, *next;
uint16 mid; uint16 mid;
uint32 reply_seq_num; uint32 reply_seq_num;
BOOL can_delete; /* Set to False in trans state. */
}; };
struct smb_basic_signing_context { struct smb_basic_signing_context {
@ -43,7 +42,9 @@ static BOOL store_sequence_for_reply(struct outstanding_packet_lookup **list,
/* Ensure we only add a mid once. */ /* Ensure we only add a mid once. */
for (t = *list; t; t = t->next) { for (t = *list; t; t = t->next) {
if (t->mid == mid) { if (t->mid == mid) {
return False; DLIST_REMOVE(*list, t);
SAFE_FREE(t);
break;
} }
} }
@ -52,7 +53,6 @@ static BOOL store_sequence_for_reply(struct outstanding_packet_lookup **list,
t->mid = mid; t->mid = mid;
t->reply_seq_num = reply_seq_num; t->reply_seq_num = reply_seq_num;
t->can_delete = True;
/* /*
* Add to the *start* of the list not the end of the list. * Add to the *start* of the list not the end of the list.
@ -79,23 +79,8 @@ static BOOL get_sequence_for_reply(struct outstanding_packet_lookup **list,
*reply_seq_num = t->reply_seq_num; *reply_seq_num = t->reply_seq_num;
DEBUG(10,("get_sequence_for_reply: found seq = %u mid = %u\n", DEBUG(10,("get_sequence_for_reply: found seq = %u mid = %u\n",
(unsigned int)t->reply_seq_num, (unsigned int)t->mid )); (unsigned int)t->reply_seq_num, (unsigned int)t->mid ));
if (t->can_delete) {
DLIST_REMOVE(*list, t); DLIST_REMOVE(*list, t);
SAFE_FREE(t); SAFE_FREE(t);
}
return True;
}
}
return False;
}
static BOOL set_sequence_can_delete_flag(struct outstanding_packet_lookup **list, uint16 mid, BOOL can_delete_entry)
{
struct outstanding_packet_lookup *t;
for (t = *list; t; t = t->next) {
if (t->mid == mid) {
t->can_delete = can_delete_entry;
return True; return True;
} }
} }
@ -603,60 +588,6 @@ BOOL cli_check_sign_mac(struct cli_state *cli)
return True; return True;
} }
/***********************************************************
Enter trans/trans2/nttrans state.
************************************************************/
BOOL client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid)
{
struct smb_sign_info *si = &cli->sign_info;
struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
if (!si->doing_signing) {
return True;
}
if (!data) {
return False;
}
if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, False)) {
return False;
}
return True;
}
/***********************************************************
Leave trans/trans2/nttrans state.
************************************************************/
BOOL client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid)
{
uint32 reply_seq_num;
struct smb_sign_info *si = &cli->sign_info;
struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context;
if (!si->doing_signing) {
return True;
}
if (!data) {
return False;
}
if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, True)) {
return False;
}
/* Now delete the stored mid entry. */
if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_num)) {
return False;
}
return True;
}
/*********************************************************** /***********************************************************
SMB signing - Server implementation - send the MAC. SMB signing - Server implementation - send the MAC.
************************************************************/ ************************************************************/