diff options
author | Jeremy Allison <jra@samba.org> | 1998-12-17 21:38:13 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-12-17 21:38:13 +0000 |
commit | 5e7632e4e14ffb45c4fce1c2b9254dcb8f3b15e8 (patch) | |
tree | 222d2dfeb2e92cceaf071166ca2c03cab2dc5a82 | |
parent | d745e7c5722297429f48a3bbfe5c694baaaa94cf (diff) | |
download | samba-5e7632e4e14ffb45c4fce1c2b9254dcb8f3b15e8.tar.gz samba-5e7632e4e14ffb45c4fce1c2b9254dcb8f3b15e8.tar.xz samba-5e7632e4e14ffb45c4fce1c2b9254dcb8f3b15e8.zip |
include/nameserv.h nmbd/nmbd_packets.c nmbd/nmbd_responserecordsdb.c:
Fixed 'nmbd running wild' bug by preventing recursion in retransmit_or_expire_response_records().
tests/crypttest.c: Updated for bigcrypt.
Jeremy.
-rw-r--r-- | source/include/nameserv.h | 3 | ||||
-rw-r--r-- | source/nmbd/nmbd_packets.c | 33 | ||||
-rw-r--r-- | source/nmbd/nmbd_responserecordsdb.c | 3 | ||||
-rw-r--r-- | source/tests/crypttest.c | 49 |
4 files changed, 76 insertions, 12 deletions
diff --git a/source/include/nameserv.h b/source/include/nameserv.h index e3a1d740a74..995a47b2fa0 100644 --- a/source/include/nameserv.h +++ b/source/include/nameserv.h @@ -369,6 +369,9 @@ struct response_record time_t repeat_time; time_t repeat_interval; int repeat_count; + + /* Recursion protection. */ + BOOL in_expiration_processing; }; /* A subnet structure. It contains a list of workgroups and netbios names. */ diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c index 89a08682d8c..a62b9ff7306 100644 --- a/source/nmbd/nmbd_packets.c +++ b/source/nmbd/nmbd_packets.c @@ -1637,16 +1637,31 @@ to IP %s on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), on subnet %s\n", rrec->response_id, inet_ntoa(rrec->packet->ip), subrec->subnet_name)); - /* Call the timeout function. This will deal with removing the - timed out packet. */ - if(rrec->timeout_fn) - (*rrec->timeout_fn)(subrec, rrec); - else + /* + * Check the flag in this record to prevent recursion if we end + * up in this function again via the timeout function call. + */ + + if(!rrec->in_expiration_processing) { - /* We must remove the record ourself if there is - no timeout function. */ - remove_response_record(subrec, rrec); - } + + /* + * Set the recursion protection flag in this record. + */ + + rrec->in_expiration_processing = True; + + /* Call the timeout function. This will deal with removing the + timed out packet. */ + if(rrec->timeout_fn) + (*rrec->timeout_fn)(subrec, rrec); + else + { + /* We must remove the record ourself if there is + no timeout function. */ + remove_response_record(subrec, rrec); + } + } /* !rrec->in_expitation_processing */ } /* rrec->repeat_count > 0 */ } /* rrec->repeat_time <= t */ } /* end for rrec */ diff --git a/source/nmbd/nmbd_responserecordsdb.c b/source/nmbd/nmbd_responserecordsdb.c index a9c71ea9dc9..fe294647732 100644 --- a/source/nmbd/nmbd_responserecordsdb.c +++ b/source/nmbd/nmbd_responserecordsdb.c @@ -172,6 +172,9 @@ struct response_record *make_response_record( struct subnet_record *subrec, rrec->repeat_count = 3; /* 3 retries */ rrec->repeat_time = time(NULL) + rrec->repeat_interval; /* initial retry time */ + /* This packet is not being processed. */ + rrec->in_expiration_processing = False; + /* Lock the packet so we won't lose it while it's on the list. */ p->locked = True; diff --git a/source/tests/crypttest.c b/source/tests/crypttest.c index c678f64bc34..183ed06394e 100644 --- a/source/tests/crypttest.c +++ b/source/tests/crypttest.c @@ -16,13 +16,56 @@ main() char c_out1[256]; char c_out2[256]; + char expected_out[14]; + + strcpy(expected_out, "12yJ.Of/NQ.Pk"); strcpy(passwd, "12345678"); strcpy(salt, "12345678"); - + strcpy(c_out1, crypt(passwd, salt)); - salt[2] = '\0'; strcpy(c_out2, crypt(passwd, salt)); - exit(strcmp(c_out1, c_out2) == 0 ? 0 : 1); + /* + * If the non-trucated salt fails but the + * truncated salt succeeds then exit 1. + */ + + if((strcmp(c_out1, expected_out) != 0) && + (strcmp(c_out2, expected_out) == 0)) + exit(1); + +#ifdef HAVE_BIGCRYPT + /* + * Try the same with bigcrypt... + */ + + { + char big_passwd[17]; + char big_salt[17]; + char big_c_out1[256]; + char big_c_out2[256]; + char big_expected_out[27]; + + strcpy(big_passwd, "1234567812345678"); + strcpy(big_salt, "1234567812345678"); + strcpy(big_expected_out, "12yJ.Of/NQ.PklfyCuHi/rwM"); + + strcpy(big_c_out1, bigcrypt(big_passwd, big_salt)); + big_salt[2] = '\0'; + strcpy(big_c_out2, bigcrypt(big_passwd, big_salt)); + + /* + * If the non-trucated salt fails but the + * truncated salt succeeds then exit 1. + */ + + if((strcmp(big_c_out1, big_expected_out) != 0) && + (strcmp(big_c_out2, big_expected_out) == 0)) + exit(1); + + } +#endif + + exit(0); } |