mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00

s3: smbd: init_smb1_request() isn't being passed zero'ed memory from any codepath.

If a client does a SMB1 NEGPROT followed by SMB1 TCON
then req->session is left uninitialized.

Show this causes a crash by deliberately initializing
req->session to an invalid pointer. This will be removed
once the test shows the crash, and the fix is added to
cause init_smb1_request() to zero the memory passed in.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(Back-ported from commit f02f74e931)
This commit is contained in:
Jeremy Allison 2023-08-11 17:14:38 -07:00 committed by Jule Anger
parent fec8cda70b
commit d2c16aada7


@ -793,6 +793,7 @@ bool init_smb1_request(struct smb_request *req,
req->smb2req = NULL;
req->chain = NULL;
req->posix_pathnames = lp_posix_pathnames();
req->session = (void *)0xDEADBEEF;
smb_init_perfcount_data(&req->pcd);
/* Ensure we have at least wct words and 2 bytes of bcc. */
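Review bot: The added `req->session = (void *)0xDEADBEEF;` line has no comment marking it as a deliberate poison value that is meant to be removed. Someone reading init_smb1_request() on its own, or a back-port that picks up this commit without its follow-up, has nothing in the code saying it is temporary. A one-line comment above it that references bug 15432 and the planned removal would make that explicit. The neighbouring assignments (`req->smb2req = NULL;`, `req->chain = NULL;`) show the function sets fields one at a time, so the follow-up fix should zero the whole structure at the top of the function, as the commit message proposes, rather than replace this line with `req->session = NULL;`. Otherwise the next member added to struct smb_request would be left uninitialized in the same way.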