s3:libsmb: check the wct of the incoming SMBnegprot responses

metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Sep 12 20:50:27 CEST 2011 on sn-devel-104
author: Stefan Metzmacher <metze@samba.org> 2011-09-12 07:13:56 +0200
committer: Stefan Metzmacher <metze@samba.org> 2011-09-12 20:50:27 +0200
commit: 85332eb1c721d585e1a33101bddafdca4073e10f (patch)
tree: f25fd4c019c4c3ac260649167120f4c054e348a0
parent: 1dc3ac242a9027575d0119ec3547ae508e2cb2a9 (diff)
download: samba-85332eb1c721d585e1a33101bddafdca4073e10f.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index fd0536cb6fb..e0d2419ab67 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2640,6 +2640,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
 		struct timespec ts;
 		bool negotiated_smb_signing = false;
 
+		if (wct != 0x11) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+
 		/* NT protocol */
 		cli->sec_mode = CVAL(vwv + 1, 0);
 		cli->max_mux = SVAL(vwv + 1, 1);
@@ -2700,6 +2705,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
 		}
 
 	} else if (cli_state_protocol(cli) >= PROTOCOL_LANMAN1) {
+		if (wct != 0x0D) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+
 		cli->use_spnego = False;
 		cli->sec_mode = SVAL(vwv + 1, 0);
 		cli->max_xmit = SVAL(vwv + 2, 0);
author	Stefan Metzmacher <metze@samba.org>	2011-09-12 07:13:56 +0200
committer	Stefan Metzmacher <metze@samba.org>	2011-09-12 20:50:27 +0200
commit	85332eb1c721d585e1a33101bddafdca4073e10f (patch)
tree	f25fd4c019c4c3ac260649167120f4c054e348a0
parent	1dc3ac242a9027575d0119ec3547ae508e2cb2a9 (diff)
download	samba-85332eb1c721d585e1a33101bddafdca4073e10f.tar.gz