From 5fe7d9c6d9482651859d91f3022ac5ae0a127835 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Mon, 17 Nov 2008 19:08:23 +0000
Subject: [PATCH] windows-smb-vc-uid-missing-20081117 LICENSE MIT FIXES 123655 Protect against an smb packet containing a uid for which we have no active session in the virtual circuit.
---
 src/WINNT/afsd/smb.c | 5 +++--
 src/WINNT/afsd/smb_ioctl.c | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index ece4ff4..5e86247 100644
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -4073,10 +4073,11 @@ long smb_ReceiveCoreTreeConnect(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *
 tidp = smb_FindTID(vcp, newTid, SMB_FLAG_CREATE);
 uidp = smb_FindUID(vcp, ((smb_t *)inp)->uid, 0);
+ if (!uidp)
+ return CM_ERROR_BADSMB;
 userp = smb_GetUserFromUID(uidp);
 shareFound = smb_FindShare(vcp, uidp, shareName, &sharePath);
- if (uidp)
- smb_ReleaseUID(uidp);
+ smb_ReleaseUID(uidp);
 if (!shareFound) {
 smb_ReleaseTID(tidp, FALSE);
 return CM_ERROR_BADSHARENAME;
diff --git a/src/WINNT/afsd/smb_ioctl.c b/src/WINNT/afsd/smb_ioctl.c
index 8b35443..eb9e679 100644
--- a/src/WINNT/afsd/smb_ioctl.c
+++ b/src/WINNT/afsd/smb_ioctl.c
@@ -349,6 +349,8 @@ smb_IoctlV3Read(smb_fid_t *fidp, smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t
 count = smb_GetSMBParm(inp, 5);
 uidp = smb_FindUID(vcp, ((smb_t *)inp)->uid, 0);
+ if (!uidp)
+ return CM_ERROR_BADSMB;
 userp = smb_GetUserFromUID(uidp);
 osi_assertx(userp != NULL, "null cm_user_t");
 iop->uidp = uidp;
-- 
1.9.4
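Review bot: The new early return in smb_ReceiveCoreTreeConnect sits after `tidp = smb_FindTID(vcp, newTid, SMB_FLAG_CREATE);`, so a packet with an unknown uid leaves that TID reference held, whereas the `!shareFound` path a few lines below calls `smb_ReleaseTID(tidp, FALSE)` before returning. Because the uid is taken from the client's packet, repeated requests of this kind could accumulate TID entries on the virtual circuit. Either release on the new path, `if (!uidp) { smb_ReleaseTID(tidp, FALSE); return CM_ERROR_BADSMB; }`, or do the uid lookup before the TID is created. The function starts and continues outside the hunk, so anything else acquired earlier should be checked against this return as well.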
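Review bot: The `osi_assertx(userp != NULL, "null cm_user_t")` directly after the new guard in smb_IoctlV3Read is still an assertion on a value derived from the packet's uid. If smb_GetUserFromUID can return NULL for a non-NULL uidp (not visible here), that remains a service abort reachable from network input; an error return such as `if (!userp) { smb_ReleaseUID(uidp); return CM_ERROR_BADSMB; }` would fail the request instead. A one-line comment on the guard, e.g. `/* uid is client-supplied; no session on this vc => reject */`, would record why it is there. The function body extends beyond the hunk on both sides, so whether state set up before the new return needs undoing cannot be judged from here.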