From 76c3fd0e4e371f3535ca96163ec2c27798e3e6e7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 20 Oct 2008 11:05:13 -0700 Subject: [PATCH] Move the global hosts_allow() check out of the processing loop: (cherry picked from commit 3c609efe12ee941dc0474e39b5e90ad39a075ff2) --- source/smbd/process.c | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/source/smbd/process.c b/source/smbd/process.c index 0b8ff4f34bc..fc7ac0546ca 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -1535,25 +1535,6 @@ static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool enc DO_PROFILE_INC(smb_count); - if (trans_num == 0) { - char addr[INET6_ADDRSTRLEN]; - - /* on the first packet, check the global hosts allow/ hosts - deny parameters before doing any parsing of the packet - passed to us by the client. This prevents attacks on our - parsing code from hosts not in the hosts allow list */ - - if (!check_access(smbd_server_fd(), lp_hostsallow(-1), - lp_hostsdeny(-1))) { - /* send a negative session response "not listening on calling name" */ - static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; - DEBUG( 1, ( "Connection denied from %s\n", - client_addr(get_client_fd(),addr,sizeof(addr)) ) ); - (void)srv_send_smb(smbd_server_fd(),(char *)buf,false); - exit_server_cleanly("connection denied"); - } - } - DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type, smb_len(inbuf) ) ); DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num, @@ -1893,6 +1874,28 @@ void smbd_process(void) unsigned int num_smbs = 0; size_t unread_bytes = 0; + char addr[INET6_ADDRSTRLEN]; + + /* + * Before the first packet, check the global hosts allow/ hosts deny + * parameters before doing any parsing of packets passed to us by the + * client. This prevents attacks on our parsing code from hosts not in + * the hosts allow list. + */ + + if (!check_access(smbd_server_fd(), lp_hostsallow(-1), + lp_hostsdeny(-1))) { + /* + * send a negative session response "not listening on calling + * name" + */ + unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; + DEBUG( 1, ("Connection denied from %s\n", + client_addr(get_client_fd(),addr,sizeof(addr)) ) ); + (void)srv_send_smb(smbd_server_fd(),(char *)buf,false); + exit_server_cleanly("connection denied"); + } + max_recv = MIN(lp_maxxmit(),BUFFER_SIZE); while (True) { -- 2.11.4.GIT