SECURITY fix for CVE-2012-0817, memory leak affecting samba 3.6.0 to 3.6.2

can cause DoS. Pointed out by maintainer. http://ftp.samba.org/pub/samba/patches/security/samba-3.6.2-CVE-2012-0817.patch ok ajacoutot@
2012-01-31 09:12:58 +00:00 · 2012-01-31 09:12:58 +00:00 · 98a844eafa
commit 98a844eafa
parent 51ce8e8a5e
3 changed files with 57 additions and 2 deletions
--- a/net/samba/Makefile
+++ b/net/samba/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.153 2011/12/17 22:01:13 sthen Exp $
+# $OpenBSD: Makefile,v 1.154 2012/01/31 09:12:58 sthen Exp $

 SHARED_ONLY=		Yes

@ -6,7 +6,7 @@ COMMENT-main=		SMB and CIFS client and server for UNIX
 COMMENT-docs=		additional documentation and examples for Samba

 DISTNAME=		samba-3.6.1
-REVISION-main=		0
+REVISION-main=		1
 PKGNAME-main=		${DISTNAME}
 FULLPKGNAME-docs=	${DISTNAME:S/-/-docs-/}
 FULLPKGPATH-docs=	net/samba,-docs
--- a/net/samba/patches/patch-lib_substitute_c
+++ b/net/samba/patches/patch-lib_substitute_c
@ -0,0 +1,36 @@
+$OpenBSD: patch-lib_substitute_c,v 1.1 2012/01/31 09:12:59 sthen Exp $
+
+http://ftp.samba.org/pub/samba/patches/security/samba-3.6.2-CVE-2012-0817.patch
+
+--- lib/substitute.c.orig	Tue Oct 18 19:48:48 2011
+++ lib/substitute.c	Tue Jan 31 08:45:43 2012
+@@ -195,7 +195,7 @@ void sub_set_smb_name(const char *name)
+ }
+ 
+ static char sub_peeraddr[INET6_ADDRSTRLEN];
+-static const char *sub_peername = "";
+static const char *sub_peername = NULL;
+ static char sub_sockaddr[INET6_ADDRSTRLEN];
+ 
+ void sub_set_socket_ids(const char *peeraddr, const char *peername,
+@@ -208,6 +208,11 @@ void sub_set_socket_ids(const char *peeraddr, const ch
+ 	}
+ 	strlcpy(sub_peeraddr, addr, sizeof(sub_peeraddr));
+ 
+	if (sub_peername != NULL &&
+			sub_peername != sub_peeraddr) {
+		free(discard_const_p(char,sub_peername));
+		sub_peername = NULL;
+	}
+ 	sub_peername = SMB_STRDUP(peername);
+ 	if (sub_peername == NULL) {
+ 		sub_peername = sub_peeraddr;
+@@ -646,7 +651,7 @@ static char *alloc_sub_basic(const char *smb_name, con
+ 			break;
+ 		case 'M' :
+ 			a_string = realloc_string_sub(a_string, "%M",
+-						      sub_peername);
+						      sub_peername ? sub_peername : "");
+ 			break;
+ 		case 'R' :
+ 			a_string = realloc_string_sub(a_string, "%R", remote_proto);
--- a/net/samba/patches/patch-smbd_server_c
+++ b/net/samba/patches/patch-smbd_server_c
@ -0,0 +1,19 @@
+$OpenBSD: patch-smbd_server_c,v 1.1 2012/01/31 09:12:59 sthen Exp $
+
+http://ftp.samba.org/pub/samba/patches/security/samba-3.6.2-CVE-2012-0817.patch
+
+--- smbd/server.c.orig	Tue Oct 18 19:48:48 2011
+++ smbd/server.c	Tue Jan 31 08:45:43 2012
+@@ -64,6 +64,12 @@ static void smbd_set_server_fd(int fd)
+ 	 * name, default to its address.
+ 	 */
+ 
+	if (sconn->client_id.name != NULL &&
+	    sconn->client_id.name != sconn->client_id.addr) {
+		talloc_free(discard_const_p(char, sconn->client_id.name));
+		sconn->client_id.name = NULL;
+	}
+
+ 	client_addr(fd, sconn->client_id.addr, sizeof(sconn->client_id.addr));
+ 
+ 	name = client_name(sconn->sock);