CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.

Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071 Signed-off-by: Jeremy Allison <jra@samba.org>
author: Jeremy Allison <jra@samba.org> 2019-08-06 12:08:09 -0700
committer: Karolin Seeger <kseeger@samba.org> 2019-10-24 10:52:36 +0200
commit: 914c985e66adc63d54b3e17dab324f376f84e349 (patch)
tree: 5885f41f2e4823abd589accde23615a69e6ecf24
parent: 07df3dfa6bf081c3f2ad7777995325d834ad3129 (diff)
download: samba-914c985e66adc63d54b3e17dab324f376f84e349.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 535beaab841..3fa322c243b 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -1442,6 +1442,13 @@ NTSTATUS cli_smb2_list(struct cli_state *cli,
 				goto fail;
 			}
 
+			/* Protect against server attack. */
+			status = is_bad_finfo_name(cli, finfo);
+			if (!NT_STATUS_IS_OK(status)) {
+				smbXcli_conn_disconnect(cli->conn, status);
+				goto fail;
+			}
+
 			if (dir_check_ftype((uint32_t)finfo->mode,
 					(uint32_t)attribute)) {
 				/*
author	Jeremy Allison <jra@samba.org>	2019-08-06 12:08:09 -0700
committer	Karolin Seeger <kseeger@samba.org>	2019-10-24 10:52:36 +0200
commit	914c985e66adc63d54b3e17dab324f376f84e349 (patch)
tree	5885f41f2e4823abd589accde23615a69e6ecf24
parent	07df3dfa6bf081c3f2ad7777995325d834ad3129 (diff)
download	samba-914c985e66adc63d54b3e17dab324f376f84e349.tar.gz