18875952 problem in UTILITY/SAMBA s11-update
authorJiri Sasek <Jiri.Sasek@Oracle.COM>
Tue, 12 Aug 2014 05:26:42 -0700
branchs11-update
changeset 3260 f7052d16f6f6
parent 3259 8d7c14f3126e
child 3261 310938d95566
18875952 problem in UTILITY/SAMBA
components/samba/samba/patches/FSCTL_GET_SHADOW_COPY_DATA.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/samba/samba/patches/FSCTL_GET_SHADOW_COPY_DATA.patch	Tue Aug 12 05:26:42 2014 -0700
@@ -0,0 +1,34 @@
+Samba 3.6.23 patch for:
+FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to, zero
+...derived from Christof Schmitt <[email protected]>'s patch for Samba 4.0
+http://www.samba.org/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch
+
+--- a/source3/smbd/nttrans.c	2014-03-11 03:17:34.000000000 -0700
++++ samba-3.6.23/source3/smbd/nttrans.c	2014-06-18 06:17:02.771463164 -0700
[email protected]@ -2303,7 +2303,7 @@
+ 		if (!labels) {
+ 			*out_len = 16;
+ 		} else {
+-			*out_len = 12 + labels_data_count + 4;
++			*out_len = 12 + labels_data_count;
+ 		}
+ 
+ 		if (max_out_len < *out_len) {
[email protected]@ -2313,7 +2313,7 @@
+ 			return NT_STATUS_BUFFER_TOO_SMALL;
+ 		}
+ 
+-		cur_pdata = talloc_array(ctx, char, *out_len);
++		cur_pdata = talloc_zero_array(ctx, char, *out_len);
+ 		if (cur_pdata == NULL) {
+ 			TALLOC_FREE(shadow_data);
+ 			return NT_STATUS_NO_MEMORY;
[email protected]@ -2330,7 +2330,7 @@
+ 		}
+ 
+ 		/* needed_data_count 4 bytes */
+-		SIVAL(cur_pdata, 8, labels_data_count + 4);
++		SIVAL(cur_pdata, 8, labels_data_count);
+ 
+ 		cur_pdata += 12;
+