s3:libsmb: check the wct of the incoming SMBnegprot responses

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep 12 20:50:27 CEST 2011 on sn-devel-104

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index fd0536cb6fb9f035cb4a0aed45243226210e5600..e0d2419ab679ad3195effff6863d3febceb7fe0a 100644 (file)
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2640,6 +2640,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
                struct timespec ts;
                bool negotiated_smb_signing = false;
 
+               if (wct != 0x11) {
+                       tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+                       return;
+               }
+
                /* NT protocol */
                cli->sec_mode = CVAL(vwv + 1, 0);
                cli->max_mux = SVAL(vwv + 1, 1);
@@ -2700,6 +2705,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
                }
 
        } else if (cli_state_protocol(cli) >= PROTOCOL_LANMAN1) {
+               if (wct != 0x0D) {
+                       tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+                       return;
+               }
+
                cli->use_spnego = False;
                cli->sec_mode = SVAL(vwv + 1, 0);
                cli->max_xmit = SVAL(vwv + 2, 0);