Fix bug #8476 - Samba asserts when SMB2 client breaks the crediting rules.

Just drop the connection, not SMB_ASSERT.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 22 19:41:31 CEST 2011 on sn-devel-104

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index d1b7ac5ce1f607f533658ffa424c7c7331164690..0ffeb4818d04786df57f76d6b65453e18db892f5 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -322,8 +322,13 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn,
                return false;
        }
 
+       if (sconn->smb2.credits_granted == 0) {
+               smbd_server_connection_terminate(sconn, "smb2_validate_message_id: "
+                       "terminating connection: client used more credits than granted\n");
+               return false;
+       }
+
        /* client just used a credit. */
-       SMB_ASSERT(sconn->smb2.credits_granted > 0);
        sconn->smb2.credits_granted -= 1;
 
        /* Mark the message_id as seen in the bitmap. */