| commit | e02c21b0b8e3ed6f2d294458160c4f632af67ed3 | |
| author | Andrew Tridgell <tridge@samba.org> | |
| Fri, 17 Oct 1997 02:56:23 +0000 (17 02:56 +0000) | ||
| committer | Andrew Tridgell <tridge@samba.org> | |
| Fri, 17 Oct 1997 02:56:23 +0000 (17 02:56 +0000) | ||
| tree | 780ab178bf5d96e493bf7da62f97b7da742bf67e | treesnapshot (tar.gz zip) |
| parent | 51182b915268ed1af516090a6230fb8eee252691 | commitdiff |
fix the handling of negative name query responses and the handling of
packets with no answer section in general.
The fix has 2 parts:
1) set ans_name to the name we queried if nmb->answers == NULL
2) check for nmb->answers == NULL in several other places where we
currently check for nmb->answers->data
While doing this, I noticed there are lots of places in our nmbd code
where we make assumptions about the packets being well formed. Someone
could easily implement a denial of service attack on nmbd by sending a
packet that causes a null pointer dereference. Does anyone feel like
going through the code and adding checks? Probably the best solution
is to have a single function that "validates" a packet, making sure
that all the required fields are there. This will be a bit tricky as
what fields are required varies a lot between packets. A first pass
would be a function that prints "SUSPECT PACKET" when it hits a packet
that it suspects does not have a required field (or the field is badly
formatted), then we could use this on a live system to find any cases
we've missed.
Any takers?
packets with no answer section in general.
The fix has 2 parts:
1) set ans_name to the name we queried if nmb->answers == NULL
2) check for nmb->answers == NULL in several other places where we
currently check for nmb->answers->data
While doing this, I noticed there are lots of places in our nmbd code
where we make assumptions about the packets being well formed. Someone
could easily implement a denial of service attack on nmbd by sending a
packet that causes a null pointer dereference. Does anyone feel like
going through the code and adding checks? Probably the best solution
is to have a single function that "validates" a packet, making sure
that all the required fields are there. This will be a bit tricky as
what fields are required varies a lot between packets. A first pass
would be a function that prints "SUSPECT PACKET" when it hits a packet
that it suspects does not have a required field (or the field is badly
formatted), then we could use this on a live system to find any cases
we've missed.
Any takers?
| source/nameservresp.c | diffblobblamehistory |