The branch, master has been updated via ac4a77ccca08b73f828938a0cfaece66b1c9deea (commit) from 3656cb2e57d971f8119024dff8eb3594b559592d (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit ac4a77ccca08b73f828938a0cfaece66b1c9deea Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Fri Dec 5 13:20:55 2008 -0800 Fix for crash bug freeing a non-malloc'ed buffer if the client sends a non-encrypted packet with the crypto state set. ----------------------------------------------------------------------- Summary of changes: source3/libsmb/smb_seal.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c index a81ae9a..795c8bc 100644 --- a/source3/libsmb/smb_seal.c +++ b/source3/libsmb/smb_seal.c @@ -388,10 +388,17 @@ void common_free_encryption_state(struct smb_trans_enc_state **pp_es) void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf) { + uint16_t enc_ctx_num; + if (!common_encryption_on(es)) { return; } + if (!NT_STATUS_IS_OK(get_enc_ctx_num((const uint8_t *)buf, + &enc_ctx_num))) { + return; + } + if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) { SAFE_FREE(buf); return; -- Samba Shared Repository