[Pkg-samba-maint] [samba] 02/04: add patch for CVE-2014-0244
Ivo De Decker
ivodd at moszumanska.debian.org
Mon Jun 23 16:04:27 UTC 2014
This is an automated email from the git hooks/post-receive script.
ivodd pushed a commit to branch wheezy
in repository samba.
commit 8927100ef47acef32f9f19aa866c50da7c257847
Author: Ivo De Decker <ivo.dedecker at ugent.be>
Date: Sun Jun 22 00:09:57 2014 +0200
add patch for CVE-2014-0244
nmbd denial of service
---
debian/changelog | 1 +
debian/patches/security-CVE-2014-0244.patch | 48 +++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 50 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 40f9cbc..8a17733 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ samba (2:3.6.6-6+deb7u4) UNRELEASED; urgency=high
* Security update
* CVE-2014-0178: Uninitialized memory exposure when handling shadow_copy
data
+ * CVE-2014-0244: nmbd denial of service
-- Ivo De Decker <ivo.dedecker at ugent.be> Sun, 22 Jun 2014 00:00:38 +0200
diff --git a/debian/patches/security-CVE-2014-0244.patch b/debian/patches/security-CVE-2014-0244.patch
new file mode 100644
index 0000000..7c94c85
--- /dev/null
+++ b/debian/patches/security-CVE-2014-0244.patch
@@ -0,0 +1,48 @@
+From 9bef27dec1a81b7ba46bc3126edd5ac1b225f6dc Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra at samba.org>
+Date: Wed, 28 May 2014 10:40:27 -0700
+Subject: [PATCH] s3: nmbd: Fix bug 10633 - nmbd denial of service
+
+The Linux kernel has a bug in that it can give spurious
+wakeups on a non-blocking UDP socket for a non-deliverable packet.
+
+When nmbd was changed to use non-blocking sockets it
+became vulnerable to a spurious wakeup from poll/epoll.
+
+Fix sys_recvfile() to return on EWOULDBLOCK/EAGAIN.
+
+CVE-2014-0244
+
+Signed-off-by: Jeremy Allison <jra at samba.org>
+---
+ source3/lib/system.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/source3/lib/system.c b/source3/lib/system.c
+index af72b2a..698de12 100644
+--- a/source3/lib/system.c
++++ b/source3/lib/system.c
+@@ -169,6 +169,7 @@ ssize_t sys_send(int s, const void *msg, size_t len, int flags)
+
+ /*******************************************************************
+ A recvfrom wrapper that will deal with EINTR.
++NB. As used with non-blocking sockets, return on EAGAIN/EWOULDBLOCK
+ ********************************************************************/
+
+ ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen)
+@@ -177,11 +178,7 @@ ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *f
+
+ do {
+ ret = recvfrom(s, buf, len, flags, from, fromlen);
+-#if defined(EWOULDBLOCK)
+- } while (ret == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
+-#else
+- } while (ret == -1 && (errno == EINTR || errno == EAGAIN));
+-#endif
++ } while (ret == -1 && (errno == EINTR));
+ return ret;
+ }
+
+--
+1.9.1.423.g4596e3a
+
diff --git a/debian/patches/series b/debian/patches/series
index 90acf3e..b4a50c5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -30,3 +30,4 @@ security-CVE-2013-4408.patch
security-CVE-2012-6150.patch
security-CVE-2013-4496.patch
security-CVE-2014-0178.patch
+security-CVE-2014-0244.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list