From 36da9ac22d893219bfeff2e019b332716e4733ca Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 26 Nov 2019 12:53:09 -0800 Subject: [PATCH] s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. Otherwise we can end up with negprot.done set, but without smbXsrv_connection_init_tables() being called. This can cause a client self-crash. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Dec 4 21:27:24 UTC 2019 on sn-devel-184 (cherry picked from commit 8db0c1bff6f42feabd2e4d9dfb13ae12cc29607b) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Fri Dec 13 12:30:57 UTC 2019 on sn-devel-184 --- selftest/knownfail.d/smb1_fuzz_smbd | 1 - source3/smbd/negprot.c | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 selftest/knownfail.d/smb1_fuzz_smbd diff --git a/selftest/knownfail.d/smb1_fuzz_smbd b/selftest/knownfail.d/smb1_fuzz_smbd deleted file mode 100644 index 82b1b26254f..00000000000 --- a/selftest/knownfail.d/smb1_fuzz_smbd +++ /dev/null @@ -1 +0,0 @@ -^samba.tests.smbd_fuzztest diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 8317dc49086..e77c8f52261 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -588,7 +588,6 @@ void reply_negprot(struct smb_request *req) END_PROFILE(SMBnegprot); exit_server_cleanly("multiple negprot's are not permitted"); } - xconn->smb1.negprot.done = true; if (req->buflen == 0) { DEBUG(0, ("negprot got no protocols\n")); @@ -778,6 +777,8 @@ void reply_negprot(struct smb_request *req) DBG_INFO("negprot index=%zu\n", choice); + xconn->smb1.negprot.done = true; + /* We always have xconn->smb1.signing_state also for >= SMB2_02 */ signing_required = smb_signing_is_mandatory(xconn->smb1.signing_state); if (signing_required && (chosen_level < PROTOCOL_NT1)) { -- 2.11.4.GIT
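Review bot: In the source3/smbd/negprot.c hunk at -588, removing the assignment that followed the "multiple negprot's are not permitted" check means the early-return paths after it, starting with the `req->buflen == 0` "negprot got no protocols" case, now leave `xconn->smb1.negprot.done` false. A client whose first negprot fails can therefore send another on the same connection without reaching `exit_server_cleanly()`. That matches the commit message's intent, but it changes what the guard enforces. Please say so in the commit message or in a comment beside the check, so that it reads as rejecting a repeat only after a negprot that completed.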
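Review bot: In the source3/smbd/negprot.c hunk at -778, the added `xconn->smb1.negprot.done = true;` after `DBG_INFO("negprot index=%zu\n", choice);` has no comment explaining why it must sit at this point. The context shown here does not include the `proto_reply_fn()` call or its result check that the subject line refers to. Please add a one-line comment above the assignment stating the invariant from the commit message: the flag is set only once `proto_reply_fn()` has succeeded, and therefore `smbXsrv_connection_init_tables()` has been called. That way a later reordering of this function does not reintroduce the state described in bug 14205.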