From 98a844eafaddeeeb4af1460695aa9c6bbe5b89a6 Mon Sep 17 00:00:00 2001
From: sthen
Date: Tue, 31 Jan 2012 09:12:58 +0000
Subject: [PATCH] SECURITY fix for CVE-2012-0817, memory leak affecting samba 3.6.0 to 3.6.2 can cause DoS. Pointed out by maintainer. http://ftp.samba.org/pub/samba/patches/security/samba-3.6.2-CVE-2012-0817.patch ok ajacoutot@
---
 net/samba/Makefile | 4 +--
 net/samba/patches/patch-lib_substitute_c | 36 ++++++++++++++++++++++++
 net/samba/patches/patch-smbd_server_c | 19 +++++++++++++
 3 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 net/samba/patches/patch-lib_substitute_c
 create mode 100644 net/samba/patches/patch-smbd_server_c
diff --git a/net/samba/Makefile b/net/samba/Makefile
index 6bbbbcca778..31b83b1c544 100644
--- a/net/samba/Makefile
+++ b/net/samba/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.153 2011/12/17 22:01:13 sthen Exp $
+# $OpenBSD: Makefile,v 1.154 2012/01/31 09:12:58 sthen Exp $
 SHARED_ONLY= Yes
@@ -6,7 +6,7 @@ COMMENT-main= SMB and CIFS client and server for UNIX
 COMMENT-docs= additional documentation and examples for Samba
 DISTNAME= samba-3.6.1
-REVISION-main= 0
+REVISION-main= 1
 PKGNAME-main= ${DISTNAME}
 FULLPKGNAME-docs= ${DISTNAME:S/-/-docs-/}
 FULLPKGPATH-docs= net/samba,-docs
diff --git a/net/samba/patches/patch-lib_substitute_c b/net/samba/patches/patch-lib_substitute_c
new file mode 100644
index 00000000000..b60812aebab
--- /dev/null
+++ b/net/samba/patches/patch-lib_substitute_c
@@ -0,0 +1,36 @@
+$OpenBSD: patch-lib_substitute_c,v 1.1 2012/01/31 09:12:59 sthen Exp $
+
+http://ftp.samba.org/pub/samba/patches/security/samba-3.6.2-CVE-2012-0817.patch
+
+--- lib/substitute.c.orig Tue Oct 18 19:48:48 2011
++++ lib/substitute.c Tue Jan 31 08:45:43 2012
+@@ -195,7 +195,7 @@ void sub_set_smb_name(const char *name)
+ }
+
+ static char sub_peeraddr[INET6_ADDRSTRLEN];
+-static const char *sub_peername = "";
++static const char *sub_peername = NULL;
+ static char sub_sockaddr[INET6_ADDRSTRLEN];
+
+ void sub_set_socket_ids(const char *peeraddr, const char *peername,
+@@ -208,6 +208,11 @@ void sub_set_socket_ids(const char *peeraddr, const ch
+ }
+ strlcpy(sub_peeraddr, addr, sizeof(sub_peeraddr));
+
++ if (sub_peername != NULL &&
++ sub_peername != sub_peeraddr) {
++ free(discard_const_p(char,sub_peername));
++ sub_peername = NULL;
++ }
+ sub_peername = SMB_STRDUP(peername);
+ if (sub_peername == NULL) {
+ sub_peername = sub_peeraddr;
+@@ -646,7 +651,7 @@ static char *alloc_sub_basic(const char *smb_name, con
+ break;
+ case 'M' :
+ a_string = realloc_string_sub(a_string, "%M",
+- sub_peername);
++ sub_peername ? sub_peername : "");
+ break;
+ case 'R' :
+ a_string = realloc_string_sub(a_string, "%R", remote_proto);
diff --git a/net/samba/patches/patch-smbd_server_c b/net/samba/patches/patch-smbd_server_c
new file mode 100644
index 00000000000..4b0e9776fdb
--- /dev/null
+++ b/net/samba/patches/patch-smbd_server_c
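Review bot: The pointer comparison `sub_peername != sub_peeraddr` added to sub_set_socket_ids() is the only thing that keeps free() away from the static address buffer, and the patched code carries no comment saying so. I would add above the declaration `/* sub_peername is NULL, a heap copy owned by this file, or an alias of sub_peeraddr (never freed) */`, so that a later edit assigning a string literal or another buffer does not turn the leak fix into an invalid free. The same convention appears for `sconn->client_id.name` in the smbd/server.c patch, where the owned copy is released with talloc_free() instead, and it deserves the same comment there. Because the initializer changes from `""` to NULL, readers of sub_peername can now see NULL before the first call; only the `%M` case in alloc_sub_basic() is visibly guarded, and the rest of the file is outside these hunks, so any other use should be checked.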
@@ -0,0 +1,19 @@
+$OpenBSD: patch-smbd_server_c,v 1.1 2012/01/31 09:12:59 sthen Exp $
+
+http://ftp.samba.org/pub/samba/patches/security/samba-3.6.2-CVE-2012-0817.patch
+
+--- smbd/server.c.orig Tue Oct 18 19:48:48 2011
++++ smbd/server.c Tue Jan 31 08:45:43 2012
+@@ -64,6 +64,12 @@ static void smbd_set_server_fd(int fd)
+ * name, default to its address.
+ */
+
++ if (sconn->client_id.name != NULL &&
++ sconn->client_id.name != sconn->client_id.addr) {
++ talloc_free(discard_const_p(char, sconn->client_id.name));
++ sconn->client_id.name = NULL;
++ }
++
+ client_addr(fd, sconn->client_id.addr, sizeof(sconn->client_id.addr));
+
+ name = client_name(sconn->sock);