[Pkg-samba-maint] [samba] 02/06: s3: nmbd: Fix bug 10633 - nmbd denial of service

[Ivo De Decker]

This is an automated email from the git hooks/post-receive script.

ivodd pushed a commit to branch upstream_4.1
in repository samba.

commit a04875b61021b20dced1b122db32d8c7aa5bc747
Author: Jeremy Allison <jra at samba.org>
Date:   Wed May 28 10:40:27 2014 -0700

    s3: nmbd: Fix bug 10633 - nmbd denial of service
    
    The Linux kernel has a bug in that it can give spurious
    wakeups on a non-blocking UDP socket for a non-deliverable packet.
    
    When nmbd was changed to use non-blocking sockets it
    became vulnerable to a spurious wakeup from poll/epoll.
    
    Fix sys_recvfile() to return on EWOULDBLOCK/EAGAIN.
    
    CVE-2014-0244
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/lib/system.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/source3/lib/system.c b/source3/lib/system.c
index 8252e4f..4f38597 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -169,6 +169,7 @@ ssize_t sys_send(int s, const void *msg, size_t len, int flags)
 
 /*******************************************************************
 A recvfrom wrapper that will deal with EINTR.
+NB. As used with non-blocking sockets, return on EAGAIN/EWOULDBLOCK
 ********************************************************************/
 
 ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen)
@@ -177,11 +178,7 @@ ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *f
 
 	do {
 		ret = recvfrom(s, buf, len, flags, from, fromlen);
-#if defined(EWOULDBLOCK)
-	} while (ret == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
-#else
-	} while (ret == -1 && (errno == EINTR || errno == EAGAIN));
-#endif
+	} while (ret == -1 && (errno == EINTR));
 	return ret;
 }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git