Fix bug #8476 - Samba asserts when SMB2 client breaks the crediting rules.

Just drop the connection, not SMB_ASSERT.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 22 19:41:31 CEST 2011 on sn-devel-104
(cherry picked from commit d50fa9c21e1c3b6f7126c33e24966099c7567225)

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 41ef607e4761c20df106231060f9adf3f499fa45..4de4ef5fe2f1a0fb82ac24bd2c78d6c79fe1c633 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -319,8 +319,13 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn,
                return false;
        }
 
+       if (sconn->smb2.credits_granted == 0) {
+               smbd_server_connection_terminate(sconn, "smb2_validate_message_id: "
+                       "terminating connection: client used more credits than granted\n");
+               return false;
+       }
+
        /* client just used a credit. */
-       SMB_ASSERT(sconn->smb2.credits_granted > 0);
        sconn->smb2.credits_granted -= 1;
 
        /* Mark the message_id as seen in the bitmap. */