components/samba/samba30/patches/samba-3.0.37-CVE-2010-2063.patch
author Jiri Sasek <jurasek@opensolaris.org>
Wed, 25 May 2011 18:33:43 +0200
changeset 264 84a67a54e8fd
permissions -rw-r--r--
7044174 Move samba(s) and its dependencies to Userland. 7025146 Update samba to 3.5.8 (bugfix release) 7011577 Impossible to rename a file on a ZFS filesystem when installing 146364-01 (Samba 3.5.5) 7011579 Request to add shadow_copy2 in the next Samba patch or Solaris Samba package 7013885 User cannot delete a file on a share-se_access_check algorithmreturns access (2) denied 7010973 GPLv3 licensing issue with pkg:/library/samba/libsmbclient 7031097 Mozilla LDAP C-SDK (project private library for Samba) should be moved to Userland prior of Samba.
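diff --git a/source/smbd/process.c b/source/smbd/process.c
index e861e16..6499bc7 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -1159,6 +1159,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
 {
 	static char *orig_inbuf;
 	static char *orig_outbuf;
+	static int orig_size;
 	int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
 	unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
 	char *inbuf2, *outbuf2;
@@ -1178,6 +1179,13 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
 		/* this is the first part of the chain */
 		orig_inbuf = inbuf;
 		orig_outbuf = outbuf;
+		orig_size = size;
+	}
+
+	/* Validate smb_off2 */
+	if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
+		exit_server_cleanly("Bad chained packet");
+		return -1;
 	}
 
 	/*
@@ -1192,6 +1200,11 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
 	SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf));
 	SCVAL(outbuf,smb_vwv0,smb_com2);
 
+	if (outsize <= smb_wct) {
+		exit_server_cleanly("Bad chained packet");
+		return -1;
+	}
+
 	/* remember how much the caller added to the chain, only counting stuff
 		after the parameter words */
 	chain_size += outsize - smb_wct;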
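Review bot: The second comparison in the added `smb_off2` check (second hunk) bounds only the start of the relocated header, `smb_off2 + 4 - smb_wct`, against `orig_size`, so an offset whose header starts inside the request but ends past it still passes this test. chain_reply continues outside the hunks and may reject that case later; if it does not, compare the end of the header instead, e.g. `orig_size < 0 || (unsigned)orig_size <= smb_off2 + 4`. The existing comparison also mixes `int orig_size` with `unsigned smb_off2`, so the implicit conversion to unsigned deserves an explicit cast or a comment. Both rejection paths call `exit_server_cleanly("Bad chained packet")` without recording the rejected values; a `DEBUG` line with `smb_off2`, `orig_size` and `outsize` before each call would let operators tell a malformed chain from an ordinary disconnect in the logs.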