Tree - rpms/samba - CentOS Git server

rpms / samba

Blame SOURCES/samba-4.1.x-CVE-2015-0240.patch

Blob History Raw

		08db43	`From cc4100701bec64cda6fae6a5650c2114f3862579 Mon Sep 17 00:00:00 2001`
		08db43	`From: Jeremy Allison <jra@samba.org>`
		08db43	`Date: Wed, 28 Jan 2015 14:47:31 -0800`
		08db43	`Subject: [PATCH 1/2] CVE-2015-0240: s3: netlogon: Ensure we don't call`
		08db43	`talloc_free on an uninitialized pointer.`
		08db43
		08db43	`Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077`
		08db43
		08db43	`Signed-off-by: Jeremy Allison <jra@samba.org>`
		08db43	`Reviewed-by: Stefan Metzmacher <metze@samba.org>`
		08db43	`---`
		08db43	`source3/rpc_server/netlogon/srv_netlog_nt.c \| 6 +++++-`
		08db43	`1 file changed, 5 insertions(+), 1 deletion(-)`
		08db43
		08db43	`diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c`
		08db43	`index c903ae8..cab635f 100644`
		08db43	`--- a/source3/rpc_server/netlogon/srv_netlog_nt.c`
		08db43	`+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c`
		08db43	`@@ -1101,6 +1101,10 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,`
		08db43	`bool schannel_global_required = (lp_server_schannel() == true) ? true:false;`
		08db43	`struct loadparm_context *lp_ctx;`
		08db43
		08db43	`+ if (creds_out != NULL) {`
		08db43	`+ *creds_out = NULL;`
		08db43	`+ }`
		08db43	`+`
		08db43	`if (schannel_global_required) {`
		08db43	`status = schannel_check_required(&p->auth,`
		08db43	`computer_name,`
		08db43	`@@ -1258,7 +1262,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,`
		08db43	`{`
		08db43	`NTSTATUS status = NT_STATUS_OK;`
		08db43	`int i;`
		08db43	`- struct netlogon_creds_CredentialState *creds;`
		08db43	`+ struct netlogon_creds_CredentialState *creds = NULL;`
		08db43
		08db43	`DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));`
		08db43
		08db43	`--`
		08db43	`2.3.0`
		08db43
		08db43
		08db43	`From 57c186ee4deda5e75d3588fa0252d9817492bb1f Mon Sep 17 00:00:00 2001`
		08db43	`From: Andreas Schneider <asn@samba.org>`
		08db43	`Date: Mon, 16 Feb 2015 10:59:23 +0100`
		08db43	`Subject: [PATCH 2/2] s3-netlogon: Make sure we do not deference a NULL`
		08db43	`pointer.`
		08db43
		08db43	`This is an additional patch for CVE-2015-0240.`
		08db43
		08db43	`BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32`
		08db43
		08db43	`Pair-Programmed-With: Michael Adam <obnox@samba.org>`
		08db43	`Pair-Programmed-With: Andreas Schneider <asn@samba.org>`
		08db43	`Signed-off-by: Michael Adam <obnox@samba.org>`
		08db43	`Signed-off-by: Andreas Schneider <asn@samba.org>`
		08db43	`Reviewed-by: Volker Lendecke <vl@samba.org>`
		08db43	`---`
		08db43	`source3/rpc_server/netlogon/srv_netlog_nt.c \| 7 ++++++-`
		08db43	`1 file changed, 6 insertions(+), 1 deletion(-)`
		08db43
		08db43	`diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c`
		08db43	`index cab635f..2ba3278 100644`
		08db43	`--- a/source3/rpc_server/netlogon/srv_netlog_nt.c`
		08db43	`+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c`
		08db43	`@@ -1275,9 +1275,14 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,`
		08db43	`unbecome_root();`
		08db43
		08db43	`if (!NT_STATUS_IS_OK(status)) {`
		08db43	`+ const char *computer_name = "<unknown>";`
		08db43	`+`
		08db43	`+ if (creds != NULL && creds->computer_name != NULL) {`
		08db43	`+ computer_name = creds->computer_name;`
		08db43	`+ }`
		08db43	`DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "`
		08db43	`"request from client %s machine account %s\n",`
		08db43	`- r->in.computer_name, creds->computer_name));`
		08db43	`+ r->in.computer_name, computer_name));`
		08db43	`TALLOC_FREE(creds);`
		08db43	`return status;`
		08db43	`}`
		08db43	`--`
		08db43	`2.3.0`
		08db43

rpms / samba

Source Code

Blame SOURCES/samba-4.1.x-CVE-2015-0240.patch