include/nameserv.h nmbd/nmbd_packets.c nmbd/nmbd_responserecordsdb.c:

	Fixed 'nmbd running wild' bug by preventing recursion in retransmit_or_expire_response_records().
tests/crypttest.c: Updated for bigcrypt.
Jeremy.

4 files changed, 76 insertions, 12 deletions

diff --git a/source/include/nameserv.h b/source/include/nameserv.h
index e3a1d740a74..995a47b2fa0 100644
--- a/source/include/nameserv.h
+++ b/source/include/nameserv.h
@@ -369,6 +369,9 @@ struct response_record
   time_t repeat_time;
   time_t repeat_interval;
   int    repeat_count;
+
+  /* Recursion protection. */
+  BOOL in_expiration_processing;
 };
 
 /* A subnet structure. It contains a list of workgroups and netbios names. */
diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c
index 89a08682d8c..a62b9ff7306 100644
--- a/source/nmbd/nmbd_packets.c
+++ b/source/nmbd/nmbd_packets.c
@@ -1637,16 +1637,31 @@ to IP %s on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip),
 on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), 
                  subrec->subnet_name));
 
-          /* Call the timeout function. This will deal with removing the
-             timed out packet. */
-          if(rrec->timeout_fn)
-            (*rrec->timeout_fn)(subrec, rrec);
-          else
+          /*
+           * Check the flag in this record to prevent recursion if we end
+           * up in this function again via the timeout function call.
+           */
+
+          if(!rrec->in_expiration_processing)
           {
-            /* We must remove the record ourself if there is
-               no timeout function. */
-            remove_response_record(subrec, rrec);
-          }
+
+            /*
+             * Set the recursion protection flag in this record.
+             */
+
+            rrec->in_expiration_processing = True;
+
+            /* Call the timeout function. This will deal with removing the
+               timed out packet. */
+            if(rrec->timeout_fn)
+              (*rrec->timeout_fn)(subrec, rrec);
+            else
+            {
+              /* We must remove the record ourself if there is
+                 no timeout function. */
+              remove_response_record(subrec, rrec);
+            }
+          } /* !rrec->in_expitation_processing */
         } /* rrec->repeat_count > 0 */
       } /* rrec->repeat_time <= t */
     } /* end for rrec */
diff --git a/source/nmbd/nmbd_responserecordsdb.c b/source/nmbd/nmbd_responserecordsdb.c
index a9c71ea9dc9..fe294647732 100644
--- a/source/nmbd/nmbd_responserecordsdb.c
+++ b/source/nmbd/nmbd_responserecordsdb.c
@@ -172,6 +172,9 @@ struct response_record *make_response_record( struct subnet_record *subrec,
   rrec->repeat_count = 3; /* 3 retries */
   rrec->repeat_time = time(NULL) + rrec->repeat_interval; /* initial retry time */
 
+  /* This packet is not being processed. */
+  rrec->in_expiration_processing = False;
+
   /* Lock the packet so we won't lose it while it's on the list. */
   p->locked = True;
 
diff --git a/source/tests/crypttest.c b/source/tests/crypttest.c
index c678f64bc34..183ed06394e 100644
--- a/source/tests/crypttest.c
+++ b/source/tests/crypttest.c
@@ -16,13 +16,56 @@ main()
 	char c_out1[256];
 	char c_out2[256];
 
+	char expected_out[14];
+
+	strcpy(expected_out, "12yJ.Of/NQ.Pk");
 	strcpy(passwd, "12345678");
 	strcpy(salt, "12345678");
-
+	
 	strcpy(c_out1, crypt(passwd, salt));
-
 	salt[2] = '\0';
 	strcpy(c_out2, crypt(passwd, salt));
 
-	exit(strcmp(c_out1, c_out2) == 0 ? 0 : 1);
+	/*
+	 * If the non-trucated salt fails but the
+	 * truncated salt succeeds then exit 1.
+	 */
+
+	if((strcmp(c_out1, expected_out) != 0) && 
+		(strcmp(c_out2, expected_out) == 0))
+		exit(1);
+
+#ifdef HAVE_BIGCRYPT
+	/*
+	 * Try the same with bigcrypt...
+	 */
+
+	{
+		char big_passwd[17];
+		char big_salt[17];
+		char big_c_out1[256];
+		char big_c_out2[256];
+		char big_expected_out[27];
+
+		strcpy(big_passwd, "1234567812345678");
+		strcpy(big_salt, "1234567812345678");
+		strcpy(big_expected_out, "12yJ.Of/NQ.PklfyCuHi/rwM");
+
+		strcpy(big_c_out1, bigcrypt(big_passwd, big_salt));
+		big_salt[2] = '\0';
+		strcpy(big_c_out2, bigcrypt(big_passwd, big_salt));
+
+		/*
+		 * If the non-trucated salt fails but the
+		 * truncated salt succeeds then exit 1.
+		 */
+
+		if((strcmp(big_c_out1, big_expected_out) != 0) && 
+			(strcmp(big_c_out2, big_expected_out) == 0))
+			exit(1);
+
+	}
+#endif
+
+	exit(0);
 }