git.samba.org / metze / samba / wip.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8212c34) | patch
s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
authorJeremy Allison <jra@samba.org>
Tue, 19 Sep 2017 23:11:33 +0000 (16:11 -0700)
committerKarolin Seeger <kseeger@samba.org>
Tue, 21 Nov 2017 14:46:12 +0000 (15:46 +0100)
commitdeda04389a7e0baddb88d4d611a6f07926776b28
treeaaa16c5d43334a7de5cee656eba8c056acba4e39tree
parent8212c34ae409f64615a53f9665134a3e7a04312dcommit | diff
s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 <lianyihan@360.cn>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison <jra@samba.org>
source3/smbd/process.c diff | blob | history
source3/smbd/reply.c diff | blob | history
Work in progress branches