[Pkg-samba-maint] r1408 - in branches/samba/etch/debian: . patches

vorlon at alioth.debian.org vorlon at alioth.debian.org
Sat May 26 10:10:21 UTC 2007


Author: vorlon
Date: 2007-05-26 10:10:21 +0000 (Sat, 26 May 2007)
New Revision: 1408

Added:
   branches/samba/etch/debian/patches/security-CVE-2007-2444_fixed-parse_prs.patch
Modified:
   branches/samba/etch/debian/changelog
   branches/samba/etch/debian/patches/series
Log:
New patch to fix a regression introduced with the fix for CVE-2007-2446.
Closes: #425680.



Modified: branches/samba/etch/debian/changelog
===================================================================
--- branches/samba/etch/debian/changelog	2007-05-26 09:59:43 UTC (rev 1407)
+++ branches/samba/etch/debian/changelog	2007-05-26 10:10:21 UTC (rev 1408)
@@ -1,3 +1,11 @@
+samba (3.0.24-6etch3) stable-security; urgency=high
+
+  * The fix for CVE-2007-2444 broke connections to servers that are domain
+    members. Upstream bug #4637
+    Closes: #425680
+
+ -- Christian Perrier <bubulle at debian.org>  Wed, 23 May 2007 21:35:28 +0200
+
 samba (3.0.24-6etch2) stable-security; urgency=high
 
   * The fix for CVE-2007-2444 broke the behaviour of "force group" when

Added: branches/samba/etch/debian/patches/security-CVE-2007-2444_fixed-parse_prs.patch
===================================================================
--- branches/samba/etch/debian/patches/security-CVE-2007-2444_fixed-parse_prs.patch	                        (rev 0)
+++ branches/samba/etch/debian/patches/security-CVE-2007-2444_fixed-parse_prs.patch	2007-05-26 10:10:21 UTC (rev 1408)
@@ -0,0 +1,100 @@
+=== modified file 'source/rpc_parse/parse_prs.c'
+--- samba-3.0.24.orig/source/rpc_parse/parse_prs.c	2007-05-12 18:41:54 +0000
++++ samba-3.0.24source/rpc_parse/parse_prs.c	2007-05-23 16:24:52 +0000
+@@ -642,8 +642,12 @@
+ 		return True;
+ 
+ 	if (UNMARSHALLING(ps)) {
+-		if ( !(*data = (void *)PRS_ALLOC_MEM(ps, char, data_size)) )
+-			return False;
++		if (data_size) {
++			if ( !(*data = (void *)PRS_ALLOC_MEM(ps, char, data_size)) )
++				return False;
++		} else {
++			*data = NULL;
++		}		
+ 	}
+ 
+ 	return prs_fn(name, ps, depth, *data);
+@@ -1014,16 +1018,16 @@
+ 	if (q == NULL)
+ 		return False;
+ 
++	/* If the string is empty, we don't have anything to stream */
++	if (str->buf_len==0)
++		return True;
++
+ 	if (UNMARSHALLING(ps)) {
+ 		str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len);
+ 		if (str->buffer == NULL)
+ 			return False;
+ 	}
+ 
+-	/* If the string is empty, we don't have anything to stream */
+-	if (str->buf_len==0)
+-		return True;
+-
+ 	p = (char *)str->buffer;
+ 
+ 	dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len);
+@@ -1053,6 +1057,8 @@
+ 			buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len);
+ 			if ( buf->buffer == NULL )
+ 				return False;
++		} else {
++			buf->buffer = NULL;
+ 		}
+ 	}
+ 
+@@ -1080,9 +1086,13 @@
+ 		if (str->str_str_len > str->str_max_len) {
+ 			return False;
+ 		}
+-		str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
+-		if (str->buffer == NULL)
+-			return False;
++		if (str->str_max_len) {
++			str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
++			if (str->buffer == NULL)
++				return False;
++		} else {
++			str->buffer = NULL;
++		}
+ 	}
+ 
+ 	if (UNMARSHALLING(ps)) {
+@@ -1127,9 +1137,13 @@
+ 		if (str->uni_str_len > str->uni_max_len) {
+ 			return False;
+ 		}
+-		str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
+-		if (str->buffer == NULL)
+-			return False;
++		if (str->uni_max_len) {
++			str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
++			if (str->buffer == NULL)
++				return False;
++		} else {
++			str->buffer = NULL;
++		}
+ 	}
+ 
+ 	p = (char *)str->buffer;
+@@ -1154,9 +1168,13 @@
+ 		return False;
+ 
+ 	if (UNMARSHALLING(ps)) {
+-		str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
+-		if (str->str.buffer == NULL)
+-			return False;
++		if (str->uni_str_len) {
++			str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
++			if (str->str.buffer == NULL)
++				return False;
++		} else {
++			str->str.buffer = NULL;
++		}
+ 	}
+ 
+ 	p = (char *)str->str.buffer;
+
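Review bot: In the inner hunk at `@@ -1014,16 +1018,16 @@`, the relocated `if (str->buf_len==0) return True;` now returns before anything is assigned to `str->buffer`, so on the unmarshalling path an empty string keeps whatever pointer value the structure already held; every other hunk in this patch sets the buffer to NULL explicitly when the length is zero. If the caller does not zero the structure first (not visible here), later code that reads `str->buffer` could act on a stale pointer, and resetting it would keep the hunks consistent: `if (str->buf_len==0) { if (UNMARSHALLING(ps)) str->buffer = NULL; return True; }`. The enclosing functions start and end outside the hunks, so it should be confirmed there that `prs_fn` and the code following `p = (char *)str->buffer;` tolerate a NULL buffer with zero length. Separately, the patch file name and changelog entry cite CVE-2007-2444 while the commit log names CVE-2007-2446; the identifier should be reconciled so advisory tracking points at the right fix.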

Modified: branches/samba/etch/debian/patches/series
===================================================================
--- branches/samba/etch/debian/patches/series	2007-05-26 09:59:43 UTC (rev 1407)
+++ branches/samba/etch/debian/patches/series	2007-05-26 10:10:21 UTC (rev 1408)
@@ -24,3 +24,4 @@
 security-CVE-2007-2446.patch
 security-CVE-2007-2447.patch
 security-CVE-2007-2444_fixed-force-group.patch
+security-CVE-2007-2444_fixed-parse_prs.patch



