Samba 3.6.23 patch for:
FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to, zero
...derived from Christof Schmitt <[email protected]>'s patch for Samba 4.0
http://www.samba.org/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch
--- a/source3/smbd/nttrans.c 2014-03-11 03:17:34.000000000 -0700
+++ samba-3.6.23/source3/smbd/nttrans.c 2014-06-18 06:17:02.771463164 -0700
@@ -2303,7 +2303,7 @@
if (!labels) {
*out_len = 16;
} else {
- *out_len = 12 + labels_data_count + 4;
+ *out_len = 12 + labels_data_count;
}
if (max_out_len < *out_len) {
@@ -2313,7 +2313,7 @@
return NT_STATUS_BUFFER_TOO_SMALL;
}
- cur_pdata = talloc_array(ctx, char, *out_len);
+ cur_pdata = talloc_zero_array(ctx, char, *out_len);
if (cur_pdata == NULL) {
TALLOC_FREE(shadow_data);
return NT_STATUS_NO_MEMORY;
@@ -2330,7 +2330,7 @@
}
/* needed_data_count 4 bytes */
- SIVAL(cur_pdata, 8, labels_data_count + 4);
+ SIVAL(cur_pdata, 8, labels_data_count);
cur_pdata += 12;