[Pkg-samba-maint] [samba] 03/04: Refresh patches from security update
Ivo De Decker
ivodd at moszumanska.debian.org
Mon Jun 23 17:36:01 UTC 2014
This is an automated email from the git hooks/post-receive script.
ivodd pushed a commit to branch squeeze-backports
in repository samba.
commit cd62a0daeae5de33b6f63c6afd1d80de92654aa9
Author: Ivo De Decker <ivo.dedecker at ugent.be>
Date: Mon Jun 23 19:10:59 2014 +0200
Refresh patches from security update
Needed to make them apply with patch from squeeze.
---
debian/changelog | 2 +
debian/patches/security-CVE-2013-4496.patch | 417 ++++------------------------
debian/patches/security-CVE-2014-0178.patch | 81 +-----
3 files changed, 71 insertions(+), 429 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index e33e53b..7172d42 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
samba (2:3.6.6-6+deb7u4~bpo60+1) UNRELEASED; urgency=medium
* Rebuild for squeeze-backports.
+ * Refresh patches from security update, to make them apply with patch from
+ squeeze.
-- Ivo De Decker <ivo.dedecker at ugent.be> Mon, 23 Jun 2014 18:51:05 +0200
diff --git a/debian/patches/security-CVE-2013-4496.patch b/debian/patches/security-CVE-2013-4496.patch
index 9db4e9c..93cbc17 100644
--- a/debian/patches/security-CVE-2013-4496.patch
+++ b/debian/patches/security-CVE-2013-4496.patch
@@ -15,31 +15,11 @@ password changes, such as are available over multiple SAMR and RAP
interfaces, allowing password guessing attacks.
-
-From 25066eb31d6608075b5993b0d19b3e0843cdadeb Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet at samba.org>
-Date: Fri, 1 Nov 2013 14:55:44 +1300
-Subject: [PATCH 1/3] CVE-2013-4496:s3-samr: Block attempts to crack passwords
- via repeated password changes
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
-
-Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-Signed-off-by: Stefan Metzmacher <metze at samba.org>
-Signed-off-by: Jeremy Allison <jra at samba.org>
-Reviewed-by: Stefan Metzmacher <metze at samba.org>
-Reviewed-by: Jeremy Allison <jra at samba.org>
-Reviewed-by: Andreas Schneider <asn at samba.org>
----
- source3/rpc_server/samr/srv_samr_chgpasswd.c | 55 ++++++++++++++++
- source3/rpc_server/samr/srv_samr_nt.c | 90 +++++++++++++++++++++-----
- 2 files changed, 129 insertions(+), 16 deletions(-)
-
-diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c
-index 0b4b25b..59905be 100644
---- a/source3/rpc_server/samr/srv_samr_chgpasswd.c
-+++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c
-@@ -1106,6 +1106,8 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
+Index: samba/source3/rpc_server/samr/srv_samr_chgpasswd.c
+===================================================================
+--- samba.orig/source3/rpc_server/samr/srv_samr_chgpasswd.c
++++ samba/source3/rpc_server/samr/srv_samr_chgpasswd.c
+@@ -1101,6 +1101,8 @@ NTSTATUS pass_oem_change(char *user, con
struct samu *sampass = NULL;
NTSTATUS nt_status;
bool ret = false;
@@ -48,7 +28,7 @@ index 0b4b25b..59905be 100644
if (!(sampass = samu_new(NULL))) {
return NT_STATUS_NO_MEMORY;
-@@ -1121,6 +1123,13 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
+@@ -1116,6 +1118,13 @@ NTSTATUS pass_oem_change(char *user, con
return NT_STATUS_NO_SUCH_USER;
}
@@ -62,7 +42,7 @@ index 0b4b25b..59905be 100644
nt_status = check_oem_password(user,
password_encrypted_with_lm_hash,
old_lm_hash_encrypted,
-@@ -1129,6 +1138,52 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
+@@ -1124,6 +1133,52 @@ NTSTATUS pass_oem_change(char *user, con
sampass,
&new_passwd);
@@ -115,251 +95,11 @@ index 0b4b25b..59905be 100644
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(sampass);
return nt_status;
-diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
-index 78ef1ba..3241b97 100644
---- a/source3/rpc_server/samr/srv_samr_nt.c
-+++ b/source3/rpc_server/samr/srv_samr_nt.c
-@@ -1715,9 +1715,11 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
- NTSTATUS status;
- bool ret = false;
- struct samr_user_info *uinfo;
-- struct samu *pwd;
-+ struct samu *pwd = NULL;
- struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
- struct samr_Password lm_pwd, nt_pwd;
-+ bool updated_badpw = false;
-+ NTSTATUS update_login_attempts_status;
-
- uinfo = policy_handle_find(p, r->in.user_handle,
- SAMR_USER_ACCESS_SET_PASSWORD, NULL,
-@@ -1729,6 +1731,15 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
- DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n",
- sid_string_dbg(&uinfo->sid)));
-
-+ /* basic sanity checking on parameters. Do this before any database ops */
-+ if (!r->in.lm_present || !r->in.nt_present ||
-+ !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
-+ !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
-+ /* we should really handle a change with lm not
-+ present */
-+ return NT_STATUS_INVALID_PARAMETER_MIX;
-+ }
-+
- if (!(pwd = samu_new(NULL))) {
- return NT_STATUS_NO_MEMORY;
- }
-@@ -1742,6 +1753,14 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
- return NT_STATUS_WRONG_PASSWORD;
- }
-
-+ /* Quit if the account was locked out. */
-+ if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) {
-+ DEBUG(3, ("Account for user %s was locked out.\n",
-+ pdb_get_username(pwd)));
-+ status = NT_STATUS_ACCOUNT_LOCKED_OUT;
-+ goto out;
-+ }
-+
- {
- const uint8_t *lm_pass, *nt_pass;
-
-@@ -1750,29 +1769,19 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
-
- if (!lm_pass || !nt_pass) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto out;
-+ goto update_login;
- }
-
- memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash));
- memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash));
- }
-
-- /* basic sanity checking on parameters. Do this before any database ops */
-- if (!r->in.lm_present || !r->in.nt_present ||
-- !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
-- !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
-- /* we should really handle a change with lm not
-- present */
-- status = NT_STATUS_INVALID_PARAMETER_MIX;
-- goto out;
-- }
--
- /* decrypt and check the new lm hash */
- D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
- D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
- if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto out;
-+ goto update_login;
- }
-
- /* decrypt and check the new nt hash */
-@@ -1780,7 +1789,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
- D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);
- if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto out;
-+ goto update_login;
- }
-
- /* The NT Cross is not required by Win2k3 R2, but if present
-@@ -1789,7 +1798,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
- D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash);
- if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto out;
-+ goto update_login;
- }
- }
-
-@@ -1799,7 +1808,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
- D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash);
- if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto out;
-+ goto update_login;
- }
- }
-
-@@ -1810,6 +1819,55 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
- }
-
- status = pdb_update_sam_account(pwd);
-+
-+update_login:
-+
-+ /*
-+ * Notify passdb backend of login success/failure. If not
-+ * NT_STATUS_OK the backend doesn't like the login
-+ */
-+ update_login_attempts_status = pdb_update_login_attempts(pwd,
-+ NT_STATUS_IS_OK(status));
-+
-+ if (!NT_STATUS_IS_OK(status)) {
-+ bool increment_bad_pw_count = false;
-+
-+ if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) &&
-+ (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
-+ NT_STATUS_IS_OK(update_login_attempts_status))
-+ {
-+ increment_bad_pw_count = true;
-+ }
-+
-+ if (increment_bad_pw_count) {
-+ pdb_increment_bad_password_count(pwd);
-+ updated_badpw = true;
-+ } else {
-+ pdb_update_bad_password_count(pwd,
-+ &updated_badpw);
-+ }
-+ } else {
-+
-+ if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
-+ (pdb_get_bad_password_count(pwd) > 0)){
-+ pdb_set_bad_password_count(pwd, 0, PDB_CHANGED);
-+ pdb_set_bad_password_time(pwd, 0, PDB_CHANGED);
-+ updated_badpw = true;
-+ }
-+ }
-+
-+ if (updated_badpw) {
-+ NTSTATUS update_status;
-+ become_root();
-+ update_status = pdb_update_sam_account(pwd);
-+ unbecome_root();
-+
-+ if (!NT_STATUS_IS_OK(update_status)) {
-+ DEBUG(1, ("Failed to modify entry: %s\n",
-+ nt_errstr(update_status)));
-+ }
-+ }
-+
- out:
- TALLOC_FREE(pwd);
-
---
-1.7.9.5
-
-
-From 059da248cf69a3b0ef29836f49367b938fb1cbda Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze at samba.org>
-Date: Tue, 5 Nov 2013 14:04:20 +0100
-Subject: [PATCH 2/3] CVE-2013-4496:s3:auth: fix memory leak in the
- ACCOUNT_LOCKED_OUT case.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
-
-Signed-off-by: Stefan Metzmacher <metze at samba.org>
-Reviewed-by: Jeremy Allison <jra at samba.org>
-Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-Reviewed-by: Andreas Schneider <asn at samba.org>
----
- source3/auth/check_samsec.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
-index f918dc0..e2c42d6 100644
---- a/source3/auth/check_samsec.c
-+++ b/source3/auth/check_samsec.c
-@@ -408,6 +408,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
- /* Quit if the account was locked out. */
- if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
- DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
-+ TALLOC_FREE(sampass);
- return NT_STATUS_ACCOUNT_LOCKED_OUT;
- }
-
---
-1.7.9.5
-
-
-From 27f982ef33a1238ae48d7a38d608dd23ebde61ae Mon Sep 17 00:00:00 2001
-From: Andrew Bartlett <abartlet at samba.org>
-Date: Tue, 5 Nov 2013 16:16:46 +1300
-Subject: [PATCH 3/3] CVE-2013-4496:samr: Remove ChangePasswordUser
-
-This old password change mechanism does not provide the plaintext to
-validate against password complexity, and it is not used by modern
-clients.
-
-The missing features in both implementations (by design) were:
-
- - the password complexity checks (no plaintext)
- - the minimum password length (no plaintext)
-
-Additionally, the source3 version did not check:
-
- - the minimum password age
- - pdb_get_pass_can_change() which checks the security
- descriptor for the 'user cannot change password' setting.
- - the password history
- - the output of the 'passwd program' if 'unix passwd sync = yes'.
-
-Finally, the mechanism was almost useless, as it was incorrectly
-only made available to administrative users with permission
-to reset the password. It is removed here so that it is not
-mistakenly reinstated in the future.
-
-Andrew Bartlett
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
-
-Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-Reviewed-by: Andreas Schneider <asn at samba.org>
-Reviewed-by: Stefan Metzmacher <metze at samba.org>
----
- source3/rpc_server/samr/srv_samr_nt.c | 169 +-------------------
- source3/smbd/lanman.c | 254 -------------------------------
- source4/rpc_server/samr/samr_password.c | 126 +--------------
- source4/torture/rpc/samr.c | 12 +-
- 4 files changed, 24 insertions(+), 537 deletions(-)
-
-diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
-index 3241b97..2519a3f 100644
---- a/source3/rpc_server/samr/srv_samr_nt.c
-+++ b/source3/rpc_server/samr/srv_samr_nt.c
-@@ -1706,172 +1706,19 @@ NTSTATUS _samr_LookupNames(struct pipes_struct *p,
+Index: samba/source3/rpc_server/samr/srv_samr_nt.c
+===================================================================
+--- samba.orig/source3/rpc_server/samr/srv_samr_nt.c
++++ samba/source3/rpc_server/samr/srv_samr_nt.c
+@@ -1706,114 +1706,19 @@ NTSTATUS _samr_LookupNames(struct pipes_
}
/****************************************************************
@@ -379,11 +119,9 @@ index 3241b97..2519a3f 100644
- NTSTATUS status;
- bool ret = false;
- struct samr_user_info *uinfo;
-- struct samu *pwd = NULL;
+- struct samu *pwd;
- struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
- struct samr_Password lm_pwd, nt_pwd;
-- bool updated_badpw = false;
-- NTSTATUS update_login_attempts_status;
-
- uinfo = policy_handle_find(p, r->in.user_handle,
- SAMR_USER_ACCESS_SET_PASSWORD, NULL,
@@ -395,15 +133,6 @@ index 3241b97..2519a3f 100644
- DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n",
- sid_string_dbg(&uinfo->sid)));
-
-- /* basic sanity checking on parameters. Do this before any database ops */
-- if (!r->in.lm_present || !r->in.nt_present ||
-- !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
-- !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
-- /* we should really handle a change with lm not
-- present */
-- return NT_STATUS_INVALID_PARAMETER_MIX;
-- }
--
- if (!(pwd = samu_new(NULL))) {
- return NT_STATUS_NO_MEMORY;
- }
@@ -417,14 +146,6 @@ index 3241b97..2519a3f 100644
- return NT_STATUS_WRONG_PASSWORD;
- }
-
-- /* Quit if the account was locked out. */
-- if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) {
-- DEBUG(3, ("Account for user %s was locked out.\n",
-- pdb_get_username(pwd)));
-- status = NT_STATUS_ACCOUNT_LOCKED_OUT;
-- goto out;
-- }
--
- {
- const uint8_t *lm_pass, *nt_pass;
-
@@ -433,19 +154,29 @@ index 3241b97..2519a3f 100644
-
- if (!lm_pass || !nt_pass) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto update_login;
+- goto out;
- }
-
- memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash));
- memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash));
- }
-
+- /* basic sanity checking on parameters. Do this before any database ops */
+- if (!r->in.lm_present || !r->in.nt_present ||
+- !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
+- !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
+- /* we should really handle a change with lm not
+- present */
+- status = NT_STATUS_INVALID_PARAMETER_MIX;
+- goto out;
+- }
+-
- /* decrypt and check the new lm hash */
- D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
- D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
- if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto update_login;
+- goto out;
- }
-
- /* decrypt and check the new nt hash */
@@ -453,7 +184,7 @@ index 3241b97..2519a3f 100644
- D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);
- if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto update_login;
+- goto out;
- }
-
- /* The NT Cross is not required by Win2k3 R2, but if present
@@ -462,7 +193,7 @@ index 3241b97..2519a3f 100644
- D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash);
- if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto update_login;
+- goto out;
- }
- }
-
@@ -472,7 +203,7 @@ index 3241b97..2519a3f 100644
- D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash);
- if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
- status = NT_STATUS_WRONG_PASSWORD;
-- goto update_login;
+- goto out;
- }
- }
-
@@ -483,55 +214,6 @@ index 3241b97..2519a3f 100644
- }
-
- status = pdb_update_sam_account(pwd);
--
--update_login:
--
-- /*
-- * Notify passdb backend of login success/failure. If not
-- * NT_STATUS_OK the backend doesn't like the login
-- */
-- update_login_attempts_status = pdb_update_login_attempts(pwd,
-- NT_STATUS_IS_OK(status));
--
-- if (!NT_STATUS_IS_OK(status)) {
-- bool increment_bad_pw_count = false;
--
-- if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) &&
-- (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
-- NT_STATUS_IS_OK(update_login_attempts_status))
-- {
-- increment_bad_pw_count = true;
-- }
--
-- if (increment_bad_pw_count) {
-- pdb_increment_bad_password_count(pwd);
-- updated_badpw = true;
-- } else {
-- pdb_update_bad_password_count(pwd,
-- &updated_badpw);
-- }
-- } else {
--
-- if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
-- (pdb_get_bad_password_count(pwd) > 0)){
-- pdb_set_bad_password_count(pwd, 0, PDB_CHANGED);
-- pdb_set_bad_password_time(pwd, 0, PDB_CHANGED);
-- updated_badpw = true;
-- }
-- }
--
-- if (updated_badpw) {
-- NTSTATUS update_status;
-- become_root();
-- update_status = pdb_update_sam_account(pwd);
-- unbecome_root();
--
-- if (!NT_STATUS_IS_OK(update_status)) {
-- DEBUG(1, ("Failed to modify entry: %s\n",
-- nt_errstr(update_status)));
-- }
-- }
--
- out:
- TALLOC_FREE(pwd);
-
@@ -540,11 +222,23 @@ index 3241b97..2519a3f 100644
}
/*******************************************************************
-diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
-index aef12df..3b4ec65 100644
---- a/source3/smbd/lanman.c
-+++ b/source3/smbd/lanman.c
-@@ -2947,259 +2947,6 @@ static bool api_NetRemoteTOD(struct smbd_server_connection *sconn,
+Index: samba/source3/auth/check_samsec.c
+===================================================================
+--- samba.orig/source3/auth/check_samsec.c
++++ samba/source3/auth/check_samsec.c
+@@ -408,6 +408,7 @@ NTSTATUS check_sam_security(const DATA_B
+ /* Quit if the account was locked out. */
+ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
+ DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
++ TALLOC_FREE(sampass);
+ return NT_STATUS_ACCOUNT_LOCKED_OUT;
+ }
+
+Index: samba/source3/smbd/lanman.c
+===================================================================
+--- samba.orig/source3/smbd/lanman.c
++++ samba/source3/smbd/lanman.c
+@@ -2947,259 +2947,6 @@ static bool api_NetRemoteTOD(struct smbd
}
/****************************************************************************
@@ -812,10 +506,10 @@ index aef12df..3b4ec65 100644
{"WWkstaUserLogon", RAP_WWkstaUserLogon, api_WWkstaUserLogon},
{"PrintJobInfo", RAP_WPrintJobSetInfo, api_PrintJobInfo},
{"WPrintDriverEnum", RAP_WPrintDriverEnum, api_WPrintDriverEnum},
-diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
-index ee13a11..e618740 100644
---- a/source4/rpc_server/samr/samr_password.c
-+++ b/source4/rpc_server/samr/samr_password.c
+Index: samba/source4/rpc_server/samr/samr_password.c
+===================================================================
+--- samba.orig/source4/rpc_server/samr/samr_password.c
++++ samba/source4/rpc_server/samr/samr_password.c
@@ -32,131 +32,17 @@
/*
@@ -954,11 +648,11 @@ index ee13a11..e618740 100644
}
/*
-diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
-index 7d9a1e2..adfc5d4 100644
---- a/source4/torture/rpc/samr.c
-+++ b/source4/torture/rpc/samr.c
-@@ -1728,8 +1728,16 @@ static bool test_ChangePasswordUser(struct dcerpc_binding_handle *b,
+Index: samba/source4/torture/rpc/samr.c
+===================================================================
+--- samba.orig/source4/torture/rpc/samr.c
++++ samba/source4/torture/rpc/samr.c
+@@ -1728,8 +1728,16 @@ static bool test_ChangePasswordUser(stru
torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
"ChangePasswordUser failed");
@@ -977,6 +671,3 @@ index 7d9a1e2..adfc5d4 100644
/* Unbreak the LM hash */
hash1.hash[0]--;
---
-1.7.9.5
-
diff --git a/debian/patches/security-CVE-2014-0178.patch b/debian/patches/security-CVE-2014-0178.patch
index db4963d..05be8ab 100644
--- a/debian/patches/security-CVE-2014-0178.patch
+++ b/debian/patches/security-CVE-2014-0178.patch
@@ -1,65 +1,8 @@
-From 080973527097de29261b4f17a976155dae4b1d5c Mon Sep 17 00:00:00 2001
-From: Christof Schmitt <christof.schmitt at us.ibm.com>
-Date: Mon, 5 Aug 2013 11:16:22 -0700
-Subject: [PATCH 1/2] FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to
- zero
-
-Otherwise num_volumes and the end marker can return uninitialized data
-to the client.
-
-Signed-off-by: Christof Schmitt <christof.schmitt at us.ibm.com>
-Reviewed-by: Jeremy Allison <jra at samba.org>
-Reviewed-by: Simo Sorce <idra at samba.org>
-(cherry picked from commit 30e724cbff1ecd90e5a676831902d1e41ec1b347)
-[ddiss at samba.org: rebased on 3.6, where fsctl code is in nttrans.c]
----
- source3/smbd/nttrans.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
-index 4c145e0..88415aa 100644
---- a/source3/smbd/nttrans.c
-+++ b/source3/smbd/nttrans.c
-@@ -2313,7 +2313,7 @@ NTSTATUS smb_fsctl(struct files_struct *fsp,
- return NT_STATUS_BUFFER_TOO_SMALL;
- }
-
-- cur_pdata = talloc_array(ctx, char, *out_len);
-+ cur_pdata = talloc_zero_array(ctx, char, *out_len);
- if (cur_pdata == NULL) {
- TALLOC_FREE(shadow_data);
- return NT_STATUS_NO_MEMORY;
---
-1.8.4.5
-
-
-From 06c7fc330f8743f98abd7d07535ff541f6e4c264 Mon Sep 17 00:00:00 2001
-From: Christof Schmitt <christof.schmitt at us.ibm.com>
-Date: Mon, 5 Aug 2013 11:21:59 -0700
-Subject: [PATCH 2/2] FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at
- end
-
-labels_data_count already accounts for the unicode null character at the
-end of the array. There is no need in adding space for it again.
-
-Signed-off-by: Christof Schmitt <christof.schmitt at us.ibm.com>
-Reviewed-by: Jeremy Allison <jra at samba.org>
-Reviewed-by: Simo Sorce <idra at samba.org>
-
-Autobuild-User(master): Jeremy Allison <jra at samba.org>
-Autobuild-Date(master): Tue Aug 6 04:03:17 CEST 2013 on sn-devel-104
-
-(cherry picked from commit eb50fb8f3bf670bd7d1cf8fd4368ef4a73083696)
-[ddiss at samba.org: rebased on 3.6, where fsctl code is in nttrans.c]
----
- source3/smbd/nttrans.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
-index 88415aa..b9a6620 100644
---- a/source3/smbd/nttrans.c
-+++ b/source3/smbd/nttrans.c
-@@ -2303,7 +2303,7 @@ NTSTATUS smb_fsctl(struct files_struct *fsp,
+Index: samba/source3/smbd/nttrans.c
+===================================================================
+--- samba.orig/source3/smbd/nttrans.c
++++ samba/source3/smbd/nttrans.c
+@@ -2264,7 +2264,7 @@ NTSTATUS smb_fsctl(struct files_struct *
if (!labels) {
*out_len = 16;
} else {
@@ -68,7 +11,16 @@ index 88415aa..b9a6620 100644
}
if (max_out_len < *out_len) {
-@@ -2330,7 +2330,7 @@ NTSTATUS smb_fsctl(struct files_struct *fsp,
+@@ -2274,7 +2274,7 @@ NTSTATUS smb_fsctl(struct files_struct *
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
+- cur_pdata = talloc_array(ctx, char, *out_len);
++ cur_pdata = talloc_zero_array(ctx, char, *out_len);
+ if (cur_pdata == NULL) {
+ TALLOC_FREE(shadow_data);
+ return NT_STATUS_NO_MEMORY;
+@@ -2291,7 +2291,7 @@ NTSTATUS smb_fsctl(struct files_struct *
}
/* needed_data_count 4 bytes */
@@ -77,6 +29,3 @@ index 88415aa..b9a6620 100644
cur_pdata += 12;
---
-1.8.4.5
-
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list