From 9bef27dec1a81b7ba46bc3126edd5ac1b225f6dc Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 28 May 2014 10:40:27 -0700
Subject: [PATCH] s3: nmbd: Fix bug 10633 - nmbd denial of service
The Linux kernel has a bug in that it can give spurious
wakeups on a non-blocking UDP socket for a non-deliverable packet.
When nmbd was changed to use non-blocking sockets it
became vulnerable to a spurious wakeup from poll/epoll.
Fix sys_recvfile() to return on EWOULDBLOCK/EAGAIN.
CVE-2014-0244
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source3/lib/system.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/source3/lib/system.c b/source3/lib/system.c
index af72b2a..698de12 100644
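--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -169,6 +169,7 @@ ssize_t sys_send(int s, const void *msg, size_t len, int flags)
 
 /*******************************************************************
 A recvfrom wrapper that will deal with EINTR.
+NB. As used with non-blocking sockets, return on EAGAIN/EWOULDBLOCK
 ********************************************************************/
 
 ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen)
@@ -177,11 +178,7 @@ ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *f
 
 do {
 ret = recvfrom(s, buf, len, flags, from, fromlen);
-#if defined(EWOULDBLOCK)
- } while (ret == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
-#else
- } while (ret == -1 && (errno == EINTR || errno == EAGAIN));
-#endif
+ } while (ret == -1 && (errno == EINTR));
 return ret;
 }
 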
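Review bot: With EAGAIN/EWOULDBLOCK dropped from the retry condition in `sys_recvfrom()`, a would-block result now reaches the caller as -1, so the fix is only complete if every caller treats that errno as "no datagram ready" and returns to its poll loop instead of logging an error or tearing down the socket; those callers are not visible in this patch and should be checked. The comment added in the first hunk could state that contract outright, for example `Returns -1 with errno EAGAIN/EWOULDBLOCK when no datagram is available; callers must not treat this as fatal.` The parentheses around the single remaining test are left over from the old multi-term condition and can go: `} while (ret == -1 && errno == EINTR);`. The function's opening brace and the declaration of `ret` lie outside the hunk. The description names sys_recvfile(), whereas the code changed here is sys_recvfrom(), which matters to anyone searching for the CVE-2014-0244 fix by function name.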
--
1.9.1.423.g4596e3a