[Pkg-samba-maint] Bug#488688: samba: regression with CVE-2008-1105: serving large files may break

Jamie Strandboge jamie at ubuntu.com
Mon Jun 30 16:40:38 UTC 2008


Package: samba
Version: 2:3.0.30-2
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu intrepid ubuntu-patch


In Ubuntu, we've applied the attached patch to our development and stable
releases to achieve the following:

  * debian/patches/upstream_bug5517.patch: adjust cli_negprot() to properly
    calculate buffer sizes. This bug was introduced in the fix for
    CVE-2008-1105
  * References
    https://bugs.launchpad.net/ubuntu/+source/samba/+bug/241448
    https://bugzilla.samba.org/show_bug.cgi?id=5517

Jamie
-------------- next part --------------
diff -u samba-3.0.30/debian/changelog samba-3.0.30/debian/changelog
diff -u samba-3.0.30/debian/patches/series samba-3.0.30/debian/patches/series
--- samba-3.0.30/debian/patches/series
+++ samba-3.0.30/debian/patches/series
@@ -17,0 +18 @@
+upstream_bug5517.patch
only in patch2:
unchanged:
--- samba-3.0.30.orig/debian/patches/upstream_bug5517.patch
+++ samba-3.0.30/debian/patches/upstream_bug5517.patch
@@ -0,0 +1,16 @@
+diff -Nur samba-3.0.30/source/libsmb/cliconnect.c samba-3.0.30.new/source/libsmb/cliconnect.c
+--- samba-3.0.30/source/libsmb/cliconnect.c	2008-05-28 08:41:11.000000000 -0400
++++ samba-3.0.30.new/source/libsmb/cliconnect.c	2008-06-30 09:17:06.000000000 -0400
+@@ -1328,9 +1328,9 @@
+ 		if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
+ 			SAFE_FREE(cli->outbuf);
+ 			SAFE_FREE(cli->inbuf);
+-			cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
+-			cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
+-			cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;
++			cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
++			cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
++			cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
+ 		}
+ 
+ 	} else if (cli->protocol >= PROTOCOL_LANMAN1) {
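
Review bot: The size expression CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE is now spelled out three times in the CAP_LARGE_READX|CAP_LARGE_WRITEX branch, twice inside SMB_MALLOC() and once for cli->bufsize. The allocation sizes and cli->bufsize must stay in step, so compute the value once into a local before the two SMB_MALLOC calls and use it for both allocations (plus SAFETY_MARGIN) and for cli->bufsize. Separately, none of the lines shown checks cli->outbuf or cli->inbuf for NULL after SMB_MALLOC, and the previous buffers have already been released by SAFE_FREE at that point. If that check does not follow just outside this context, add it before cli->bufsize is raised. A one-line comment stating why LARGE_WRITEX_HDR_SIZE is part of the buffer size would also help the next reader of this branch.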