From d60eaef50d9a9983f13610d13aba9c831c7d217b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 12 Sep 2011 12:10:54 -0700 Subject: [PATCH] s3:libsmb: check the wct of the incoming SMBnegprot responses metze --- source3/libsmb/cliconnect.c | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 6316db1..7606810 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1700,6 +1700,11 @@ static void cli_negprot_done(struct tevent_req *subreq) struct timespec ts; bool negotiated_smb_signing = false; + if (wct != 0x11) { + tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); + return; + } + /* NT protocol */ cli->sec_mode = CVAL(vwv + 1, 0); cli->max_mux = SVAL(vwv + 1, 1); @@ -1765,6 +1770,11 @@ static void cli_negprot_done(struct tevent_req *subreq) } } else if (cli->protocol >= PROTOCOL_LANMAN1) { + if (wct != 0x0D) { + tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); + return; + } + cli->use_spnego = False; cli->sec_mode = SVAL(vwv + 1, 0); cli->max_xmit = SVAL(vwv + 2, 0); -- 1.7.3.1