[Pkg-samba-maint] r2010 - in trunk/samba/debian: . patches

bubulle at alioth.debian.org bubulle at alioth.debian.org
Sun Jul 6 09:43:07 UTC 2008 

tags 488688 pending
thanks

Author: bubulle
Date: 2008-07-06 09:43:07 +0000 (Sun, 06 Jul 2008)
New Revision: 2010

Added:
   trunk/samba/debian/patches/upstream_bug5517.patch
Modified:
   trunk/samba/debian/changelog
   trunk/samba/debian/patches/series
Log:
Fix upstream bug 5517. Thanks to Jamie Strandboge


Modified: trunk/samba/debian/changelog
===================================================================
--- trunk/samba/debian/changelog	2008-07-06 09:25:46 UTC (rev 2009)
+++ trunk/samba/debian/changelog	2008-07-06 09:43:07 UTC (rev 2010)
@@ -7,6 +7,11 @@
   [ Jelmer Vernooij ]
   * Fix bashism in smbtar. (Closes: #486056)
 
+  [ Jamie Strandboge ]
+  * debian/patches/upstream_bug5517.patch: adjust cli_negprot() to properly
+    calculate buffer sizes. This bug was introduced in the fix for
+    CVE-2008-1105. Closes: #488688
+
   [ Debconf translations ]
   * Romanian updated. Closes: #488709.
 

Modified: trunk/samba/debian/patches/series
===================================================================
--- trunk/samba/debian/patches/series	2008-07-06 09:25:46 UTC (rev 2009)
+++ trunk/samba/debian/patches/series	2008-07-06 09:43:07 UTC (rev 2010)
@@ -18,3 +18,4 @@
 no-unnecessary-cups.patch
 swat-de.patch
 smbtar-bashism.patch
+upstream_bug5517.patch

Added: trunk/samba/debian/patches/upstream_bug5517.patch
===================================================================
--- trunk/samba/debian/patches/upstream_bug5517.patch	                        (rev 0)
+++ trunk/samba/debian/patches/upstream_bug5517.patch	2008-07-06 09:43:07 UTC (rev 2010)
@@ -0,0 +1,25 @@
+Goal: djust cli_negprot() to properly
+    calculate buffer sizes. This bug was introduced in the fix for
+    CVE-2008-1105
+
+Fixes: #488688. 
+
+Status wrt upstream: Will be fixed in 3.0.31
+
+Index: samba-3.0.30/source/libsmb/cliconnect.c
+===================================================================
+--- samba-3.0.30/source/libsmb/cliconnect.c	2008-05-28 08:41:11.000000000 -0400
++++ samba-3.0.30.new/source/libsmb/cliconnect.c	2008-06-30 09:17:06.000000000 -0400
+@@ -1328,9 +1328,9 @@
+ 		if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
+ 			SAFE_FREE(cli->outbuf);
+ 			SAFE_FREE(cli->inbuf);
+-			cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
+-			cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
+-			cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;
++			cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
++			cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
++			cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
+ 		}
+ 
+ 	} else if (cli->protocol >= PROTOCOL_LANMAN1) {

More information about the Pkg-samba-maint mailing list