[Pkg-samba-maint] [samba] 14/17: Add additional changes required for the CVE-2017-2619 fix

Mathieu Parent sathieu at moszumanska.debian.org
Thu Mar 23 19:02:23 UTC 2017 

This is an automated email from the git hooks/post-receive script.

sathieu pushed a commit to branch master
in repository samba.

commit 8e8f20eb003c1b6134f2d16779ad6b11e9dd1fa8
Author: Mathieu Parent <math.parent at gmail.com>
Date:   Wed Mar 22 08:01:38 2017 +0100

    Add additional changes required for the CVE-2017-2619 fix
    
    - s3/smbd: re-open directory after dptr_CloseDir()
    - s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
---
 debian/patches/CVE-2017-2619.patch | 263 ++++++++++++++++++++++++++-----------
 1 file changed, 189 insertions(+), 74 deletions(-)

diff --git a/debian/patches/CVE-2017-2619.patch b/debian/patches/CVE-2017-2619.patch
index a82218f..c047135 100644
--- a/debian/patches/CVE-2017-2619.patch
+++ b/debian/patches/CVE-2017-2619.patch
@@ -1,20 +1,142 @@
-From 2f19e3e9770957112243f9945c7a7dd7bb99ae9f Mon Sep 17 00:00:00 2001
+From a863a6c430977a44c63c3c115365534c1d76ba9f Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow at samba.org>
+Date: Sun, 19 Mar 2017 15:58:17 +0100
+Subject: [PATCH 01/13] CVE-2017-2619: s3/smbd: re-open directory after
+ dptr_CloseDir()
+
+dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
+have to reopen it.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
+
+Signed-off-by: Ralph Boehme <slow at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
+---
+ source3/smbd/smb2_query_directory.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/source3/smbd/smb2_query_directory.c b/source3/smbd/smb2_query_directory.c
+index e18a279..2af029b 100644
+--- a/source3/smbd/smb2_query_directory.c
++++ b/source3/smbd/smb2_query_directory.c
+@@ -24,6 +24,7 @@
+ #include "../libcli/smb/smb_common.h"
+ #include "trans2.h"
+ #include "../lib/util/tevent_ntstatus.h"
++#include "system/filesys.h"
+ 
+ static struct tevent_req *smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
+ 					      struct tevent_context *ev,
+@@ -322,7 +323,23 @@ static struct tevent_req *smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
+ 	}
+ 
+ 	if (in_flags & SMB2_CONTINUE_FLAG_REOPEN) {
++		int flags;
++
+ 		dptr_CloseDir(fsp);
++
++		/*
++		 * dptr_CloseDir() will close and invalidate the fsp's file
++		 * descriptor, we have to reopen it.
++		 */
++
++		flags = O_RDONLY;
++#ifdef O_DIRECTORY
++		flags |= O_DIRECTORY;
++#endif
++		status = fd_open(conn, fsp, flags, 0);
++		if (tevent_req_nterror(req, status)) {
++			return tevent_req_post(req, ev);
++		}
+ 	}
+ 
+ 	if (!smbreq->posix_pathnames) {
+-- 
+2.9.3
+
+
+From 9615ae174b79b577c502109a6a786cd7a0eba9b4 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow at samba.org>
+Date: Sun, 19 Mar 2017 18:52:10 +0100
+Subject: [PATCH 02/13] CVE-2017-2619: s4/torture: add SMB2_FIND tests with
+ SMB2_CONTINUE_FLAG_REOPEN flag
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
+
+Signed-off-by: Ralph Boehme <slow at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
+---
+ source4/torture/smb2/dir.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/source4/torture/smb2/dir.c b/source4/torture/smb2/dir.c
+index 98844b4..db8e456 100644
+--- a/source4/torture/smb2/dir.c
++++ b/source4/torture/smb2/dir.c
+@@ -674,7 +674,7 @@ bool fill_result(void *private_data,
+ 	return true;
+ }
+ 
+-enum continue_type {CONT_SINGLE, CONT_INDEX, CONT_RESTART};
++enum continue_type {CONT_SINGLE, CONT_INDEX, CONT_RESTART, CONT_REOPEN};
+ 
+ static NTSTATUS multiple_smb2_search(struct smb2_tree *tree,
+ 				     TALLOC_CTX *tctx,
+@@ -700,6 +700,9 @@ static NTSTATUS multiple_smb2_search(struct smb2_tree *tree,
+ 
+ 	/* The search should start from the beginning everytime */
+ 	f.in.continue_flags = SMB2_CONTINUE_FLAG_RESTART;
++	if (cont_type == CONT_REOPEN) {
++		f.in.continue_flags = SMB2_CONTINUE_FLAG_REOPEN;
++	}
+ 
+ 	do {
+ 		status = smb2_find_level(tree, tree, &f, &count, &d);
+@@ -803,18 +806,23 @@ static bool test_many_files(struct torture_context *tctx,
+ 		{"SMB2_FIND_BOTH_DIRECTORY_INFO",    "SINGLE",  SMB2_FIND_BOTH_DIRECTORY_INFO,    RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,    CONT_SINGLE},
+ 		{"SMB2_FIND_BOTH_DIRECTORY_INFO",    "INDEX",   SMB2_FIND_BOTH_DIRECTORY_INFO,    RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,    CONT_INDEX},
+ 		{"SMB2_FIND_BOTH_DIRECTORY_INFO",    "RESTART", SMB2_FIND_BOTH_DIRECTORY_INFO,    RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,    CONT_RESTART},
++		{"SMB2_FIND_BOTH_DIRECTORY_INFO",    "REOPEN",  SMB2_FIND_BOTH_DIRECTORY_INFO,    RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,    CONT_REOPEN},
+ 		{"SMB2_FIND_DIRECTORY_INFO",         "SINGLE",  SMB2_FIND_DIRECTORY_INFO,         RAW_SEARCH_DATA_DIRECTORY_INFO,         CONT_SINGLE},
+ 		{"SMB2_FIND_DIRECTORY_INFO",         "INDEX",   SMB2_FIND_DIRECTORY_INFO,         RAW_SEARCH_DATA_DIRECTORY_INFO,         CONT_INDEX},
+ 		{"SMB2_FIND_DIRECTORY_INFO",         "RESTART", SMB2_FIND_DIRECTORY_INFO,         RAW_SEARCH_DATA_DIRECTORY_INFO,         CONT_RESTART},
++		{"SMB2_FIND_DIRECTORY_INFO",         "REOPEN",  SMB2_FIND_DIRECTORY_INFO,         RAW_SEARCH_DATA_DIRECTORY_INFO,         CONT_REOPEN},
+ 		{"SMB2_FIND_FULL_DIRECTORY_INFO",    "SINGLE",  SMB2_FIND_FULL_DIRECTORY_INFO,    RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_SINGLE},
+ 		{"SMB2_FIND_FULL_DIRECTORY_INFO",    "INDEX",   SMB2_FIND_FULL_DIRECTORY_INFO,    RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_INDEX},
+ 		{"SMB2_FIND_FULL_DIRECTORY_INFO",    "RESTART", SMB2_FIND_FULL_DIRECTORY_INFO,    RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_RESTART},
++		{"SMB2_FIND_FULL_DIRECTORY_INFO",    "REOPEN",  SMB2_FIND_FULL_DIRECTORY_INFO,    RAW_SEARCH_DATA_FULL_DIRECTORY_INFO,    CONT_REOPEN},
+ 		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "SINGLE",  SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_SINGLE},
+ 		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "INDEX",   SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_INDEX},
+ 		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "RESTART", SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_RESTART},
++		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "REOPEN",  SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_REOPEN},
+ 		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "SINGLE",  SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_SINGLE},
+ 		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "INDEX",   SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_INDEX},
+-		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "RESTART", SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_RESTART}
++		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "RESTART", SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_RESTART},
++		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "REOPEN",  SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_REOPEN},
+ 	};
+ 
+ 	smb2_deltree(tree, DNAME);
+-- 
+2.9.3
+
+
+From 5abff7718164ab21398211cb60824a65514ef36d Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Mon, 19 Dec 2016 11:55:56 -0800
-Subject: [PATCH 01/11] s3: smbd: Create wrapper function for OpenDir in
- preparation for making robust.
-
-CVE-2017-2619
+Subject: [PATCH 03/13] CVE-2017-2619: s3: smbd: Create wrapper function for
+ OpenDir in preparation for making robust.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/dir.c | 15 ++++++++++++++-
  1 file changed, 14 insertions(+), 1 deletion(-)
 
 diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 3c6f00096fa..b22d92d7ba9 100644
+index 3c6f000..b22d92d 100644
 --- a/source3/smbd/dir.c
 +++ b/source3/smbd/dir.c
 @@ -1630,7 +1630,8 @@ static int smb_Dir_destructor(struct smb_Dir *dirp)
@@ -47,26 +169,25 @@ index 3c6f00096fa..b22d92d7ba9 100644
   Open a directory from an fsp.
  ********************************************************************/
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From ee91b94ccb2497d24958f877d186a6e691d40c90 Mon Sep 17 00:00:00 2001
+From 8cbf7ff9e8ab3bfa765355ef292aed2d6e735378 Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Mon, 19 Dec 2016 16:25:26 -0800
-Subject: [PATCH 02/11] s3: smbd: Opendir_internal() early return if
- SMB_VFS_OPENDIR failed.
-
-CVE-2017-2619
+Subject: [PATCH 04/13] CVE-2017-2619: s3: smbd: Opendir_internal() early
+ return if SMB_VFS_OPENDIR failed.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/dir.c | 18 +++++++++---------
  1 file changed, 9 insertions(+), 9 deletions(-)
 
 diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index b22d92d7ba9..a5d172a86e1 100644
+index b22d92d..a5d172a 100644
 --- a/source3/smbd/dir.c
 +++ b/source3/smbd/dir.c
 @@ -1643,6 +1643,15 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
@@ -102,28 +223,27 @@ index b22d92d7ba9..a5d172a86e1 100644
  
    fail:
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From 3bb7362356dfc1574544027a506f25a00dd83afe Mon Sep 17 00:00:00 2001
+From 421e6b8d3365cd4b5bb415eb2afc159f6f152c9e Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Mon, 19 Dec 2016 16:35:00 -0800
-Subject: [PATCH 03/11] s3: smbd: Create and use open_dir_safely(). Use from
- OpenDir().
+Subject: [PATCH 05/13] CVE-2017-2619: s3: smbd: Create and use
+ open_dir_safely(). Use from OpenDir().
 
 Hardens OpenDir against TOC/TOU races.
 
-CVE-2017-2619
-
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/dir.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++-----
  1 file changed, 70 insertions(+), 7 deletions(-)
 
 diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index a5d172a86e1..2b107a9b69b 100644
+index a5d172a..2b107a9 100644
 --- a/source3/smbd/dir.c
 +++ b/source3/smbd/dir.c
 @@ -1655,12 +1655,6 @@ static struct smb_Dir *OpenDir_internal(TALLOC_CTX *mem_ctx,
@@ -223,25 +343,25 @@ index a5d172a86e1..2b107a9b69b 100644
  				smb_dname,
  				mask,
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From 01bb5f73735699380a8ffedbd0f0cb0881989bd1 Mon Sep 17 00:00:00 2001
+From 075229ed491cb478a27a8210b86bad9af4f223fd Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Mon, 19 Dec 2016 12:13:20 -0800
-Subject: [PATCH 04/11] s3: smbd: OpenDir_fsp() use early returns.
-
-CVE-2017-2619
+Subject: [PATCH 06/13] CVE-2017-2619: s3: smbd: OpenDir_fsp() use early
+ returns.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/dir.c | 34 +++++++++++++++++++++-------------
  1 file changed, 21 insertions(+), 13 deletions(-)
 
 diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 2b107a9b69b..12edf80ee02 100644
+index 2b107a9..12edf80 100644
 --- a/source3/smbd/dir.c
 +++ b/source3/smbd/dir.c
 @@ -1761,7 +1761,17 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
@@ -293,25 +413,25 @@ index 2b107a9b69b..12edf80ee02 100644
  	}
  
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From 908b2e1afb7941326ea2073c6af50090c3684e8c Mon Sep 17 00:00:00 2001
+From 1d4810ede5aacd2b53ae5936e48a40811103c222 Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Mon, 19 Dec 2016 12:15:59 -0800
-Subject: [PATCH 05/11] s3: smbd: OpenDir_fsp() - Fix memory leak on error.
-
-CVE-2017-2619
+Subject: [PATCH 07/13] CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory
+ leak on error.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/dir.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 12edf80ee02..42e787bed6c 100644
+index 12edf80..42e787b 100644
 --- a/source3/smbd/dir.c
 +++ b/source3/smbd/dir.c
 @@ -1797,7 +1797,7 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
@@ -324,26 +444,25 @@ index 12edf80ee02..42e787bed6c 100644
  	}
  
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From 7accabaf866922852c58dc32483829803446ad64 Mon Sep 17 00:00:00 2001
+From ae9398a104e7df91356198708165c3d48df16be2 Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Mon, 19 Dec 2016 12:32:07 -0800
-Subject: [PATCH 06/11] s3: smbd: Move the reference counting and destructor
- setup to just before retuning success.
-
-CVE-2017-2619
+Subject: [PATCH 08/13] CVE-2017-2619: s3: smbd: Move the reference counting
+ and destructor setup to just before retuning success.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/dir.c | 10 +++++-----
  1 file changed, 5 insertions(+), 5 deletions(-)
 
 diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 42e787bed6c..2fd50850665 100644
+index 42e787b..2fd5085 100644
 --- a/source3/smbd/dir.c
 +++ b/source3/smbd/dir.c
 @@ -1783,11 +1783,6 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
@@ -371,26 +490,25 @@ index 42e787bed6c..2fd50850665 100644
  
    fail:
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From 7a8f9a3634713827d8f75efb4e744eb01e7bd122 Mon Sep 17 00:00:00 2001
+From 112f3faaf9854e4837ef9cf3a04a790b01a527b6 Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Mon, 19 Dec 2016 12:35:32 -0800
-Subject: [PATCH 07/11] s3: smbd: Correctly fallback to open_dir_safely if
- FDOPENDIR not supported on system.
-
-CVE-2017-2619
+Subject: [PATCH 09/13] CVE-2017-2619: s3: smbd: Correctly fallback to
+ open_dir_safely if FDOPENDIR not supported on system.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/dir.c | 15 +++++----------
  1 file changed, 5 insertions(+), 10 deletions(-)
 
 diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
-index 2fd50850665..1348d12298c 100644
+index 2fd5085..1348d12 100644
 --- a/source3/smbd/dir.c
 +++ b/source3/smbd/dir.c
 @@ -1797,20 +1797,15 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn,
@@ -420,26 +538,25 @@ index 2fd50850665..1348d12298c 100644
  		sconn->searches.dirhandles_open++;
  	}
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From deb5684e98f0bde36bd288643f41c9555e399406 Mon Sep 17 00:00:00 2001
+From abb23d35ce6d49545fe5fe07fc4e98e8660bc71e Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Thu, 15 Dec 2016 12:52:13 -0800
-Subject: [PATCH 08/11] s3: smbd: Remove O_NOFOLLOW guards. We insist on
- O_NOFOLLOW existing.
-
-CVE-2017-2619
+Subject: [PATCH 10/13] CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We
+ insist on O_NOFOLLOW existing.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/open.c | 6 +-----
  1 file changed, 1 insertion(+), 5 deletions(-)
 
 diff --git a/source3/smbd/open.c b/source3/smbd/open.c
-index f0a68c9d75c..9828c9981d5 100644
+index f0a68c9..9828c99 100644
 --- a/source3/smbd/open.c
 +++ b/source3/smbd/open.c
 @@ -366,8 +366,7 @@ NTSTATUS fd_open(struct connection_struct *conn,
@@ -474,26 +591,25 @@ index f0a68c9d75c..9828c9981d5 100644
  		if (errno == EMFILE) {
  			static time_t last_warned = 0L;
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From f6c258802e4bf58722dc089ee10186391b3367c1 Mon Sep 17 00:00:00 2001
+From a0c258f6da51caf767ed50a5f97eb1e3e2f87b18 Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Thu, 15 Dec 2016 12:56:08 -0800
-Subject: [PATCH 09/11] s3: smbd: Move special handling of symlink errno's into
- a utility function.
-
-CVE-2017-2619
+Subject: [PATCH 11/13] CVE-2017-2619: s3: smbd: Move special handling of
+ symlink errno's into a utility function.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/open.c | 43 ++++++++++++++++++++++++++-----------------
  1 file changed, 26 insertions(+), 17 deletions(-)
 
 diff --git a/source3/smbd/open.c b/source3/smbd/open.c
-index 9828c9981d5..a72b4836376 100644
+index 9828c99..a72b483 100644
 --- a/source3/smbd/open.c
 +++ b/source3/smbd/open.c
 @@ -355,6 +355,31 @@ static NTSTATUS check_base_file_access(struct connection_struct *conn,
@@ -554,26 +670,25 @@ index 9828c9981d5..a72b4836376 100644
  		if (errno == EMFILE) {
  			static time_t last_warned = 0L;
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From c80b0c1320fe68ac4bd0888af97713feecde8b3e Mon Sep 17 00:00:00 2001
+From 1d03b8420bf201c2edcebcb165d2483549a5ab46 Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Thu, 15 Dec 2016 13:04:46 -0800
-Subject: [PATCH 10/11] s3: smbd: Add the core functions to prevent symlink
- open races.
-
-CVE-2017-2619
+Subject: [PATCH 12/13] CVE-2017-2619: s3: smbd: Add the core functions to
+ prevent symlink open races.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/open.c | 238 ++++++++++++++++++++++++++++++++++++++++++++++++++++
  1 file changed, 238 insertions(+)
 
 diff --git a/source3/smbd/open.c b/source3/smbd/open.c
-index a72b4836376..d628d0be0d7 100644
+index a72b483..d628d0b 100644
 --- a/source3/smbd/open.c
 +++ b/source3/smbd/open.c
 @@ -379,6 +379,244 @@ static int link_errno_convert(int err)
@@ -822,25 +937,25 @@ index a72b4836376..d628d0be0d7 100644
   fd support routines - attempt to do a dos_open.
  ****************************************************************************/
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 
 
-From cf5b572ff620231732acfc1fab8c4459f7887229 Mon Sep 17 00:00:00 2001
+From 74dc827ce1bc1fe29f9a5a587f2618dbee67ec94 Mon Sep 17 00:00:00 2001
 From: Jeremy Allison <jra at samba.org>
 Date: Thu, 15 Dec 2016 13:06:31 -0800
-Subject: [PATCH 11/11] s3: smbd: Use the new non_widelink_open() function.
-
-CVE-2017-2619
+Subject: [PATCH 13/13] CVE-2017-2619: s3: smbd: Use the new
+ non_widelink_open() function.
 
 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
 
 Signed-off-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Uri Simchoni <uri at samba.org>
 ---
  source3/smbd/open.c | 23 ++++++++++++++++++++++-
  1 file changed, 22 insertions(+), 1 deletion(-)
 
 diff --git a/source3/smbd/open.c b/source3/smbd/open.c
-index d628d0be0d7..006be91f09e 100644
+index d628d0b..006be91 100644
 --- a/source3/smbd/open.c
 +++ b/source3/smbd/open.c
 @@ -638,7 +638,28 @@ NTSTATUS fd_open(struct connection_struct *conn,
@@ -874,5 +989,5 @@ index d628d0be0d7..006be91f09e 100644
  		int posix_errno = link_errno_convert(errno);
  		status = map_nt_error_from_unix(posix_errno);
 -- 
-2.11.0.483.g087da7b7c-goog
+2.9.3
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git

More information about the Pkg-samba-maint mailing list