summaryrefslogtreecommitdiffstats
path: root/source4/libcli
diff options
context:
space:
mode:
authorMatthieu Patou <mat@matws.net>2013-09-19 11:18:32 -0700
committerVolker Lendecke <vl@samba.org>2013-09-20 04:46:47 +0200
commitea3db09f696b199171e78720d95197f458b15e93 (patch)
treedfa3b36b7b63f64da00039636738804ad1d2ee26 /source4/libcli
parentb2b948a1d01982613dc53ac926842f1d144b6841 (diff)
downloadsamba-ea3db09f696b199171e78720d95197f458b15e93.tar.gz
samba-ea3db09f696b199171e78720d95197f458b15e93.tar.xz
samba-ea3db09f696b199171e78720d95197f458b15e93.zip
libcli: continue to read from the socket even if the size is 0
This is an issue found by Codenomicon, with a malicious packet with 0 bytes UDP payload we will continiously be looping trying to react from the socket event and continiously do nothing as we will bail out thinking that we had a memory allocation error. Original fix comes from Volker Lendecke <vl@samba.org> Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/dgram/dgramsocket.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/libcli/dgram/dgramsocket.c b/source4/libcli/dgram/dgramsocket.c
index 3f06dc72bd1..cd6d3e4c745 100644
--- a/source4/libcli/dgram/dgramsocket.c
+++ b/source4/libcli/dgram/dgramsocket.c
@@ -48,7 +48,7 @@ static void dgm_socket_recv(struct nbt_dgram_socket *dgmsock)
}
blob = data_blob_talloc(tmp_ctx, NULL, dsize);
- if (blob.data == NULL) {
+ if ((dsize != 0) && (blob.data == NULL)) {
talloc_free(tmp_ctx);
return;
}