upstream/oracle/userland-gate: changeset 2007:b47782ba4540

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/samba/samba/patches/FSCTL_GET_SHADOW_COPY_DATA.patch	Wed Jul 23 04:54:29 2014 -0700
@@ -0,0 +1,34 @@
+Samba 3.6.23 patch for:
+FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to, zero
+...derived from Christof Schmitt <[email protected]>'s patch for Samba 4.0
+http://www.samba.org/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch
+
+--- a/source3/smbd/nttrans.c	2014-03-11 03:17:34.000000000 -0700
++++ samba-3.6.23/source3/smbd/nttrans.c	2014-06-18 06:17:02.771463164 -0700
[email protected]@ -2303,7 +2303,7 @@
+ 		if (!labels) {
+ 			*out_len = 16;
+ 		} else {
+-			*out_len = 12 + labels_data_count + 4;
++			*out_len = 12 + labels_data_count;
+ 		}
+ 
+ 		if (max_out_len < *out_len) {
[email protected]@ -2313,7 +2313,7 @@
+ 			return NT_STATUS_BUFFER_TOO_SMALL;
+ 		}
+ 
+-		cur_pdata = talloc_array(ctx, char, *out_len);
++		cur_pdata = talloc_zero_array(ctx, char, *out_len);
+ 		if (cur_pdata == NULL) {
+ 			TALLOC_FREE(shadow_data);
+ 			return NT_STATUS_NO_MEMORY;
[email protected]@ -2330,7 +2330,7 @@
+ 		}
+ 
+ 		/* needed_data_count 4 bytes */
+-		SIVAL(cur_pdata, 8, labels_data_count + 4);
++		SIVAL(cur_pdata, 8, labels_data_count);
+ 
+ 		cur_pdata += 12;
+

author	Jiri Sasek <Jiri.Sasek@Oracle.COM>
	Wed, 23 Jul 2014 04:54:29 -0700
changeset 2007	b47782ba4540
parent 2006	3a68667fe366
child 2008	fbb3d4972042