[Pkg-samba-maint] [samba] 08/12: CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested

Mathieu Parent sathieu at moszumanska.debian.org
Thu Sep 21 07:26:02 UTC 2017


This is an automated email from the git hooks/post-receive script.

sathieu pushed a commit to branch stretch-security
in repository samba.

commit 58ea302cd4cec1f96e16b4c6fbbbd21b3bd2b041
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 12 06:07:56 2016 +0100

    CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested
    
    With forced encryption or required signing we should also don't fallback.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/libsmb/clidfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index d2a4c19..3b3e6b9 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -203,7 +203,9 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
 		/* If a password was not supplied then
 		 * try again with a null username. */
 		if (password[0] || !username[0] ||
+			force_encrypt || smbXcli_conn_signing_mandatory(c->conn) ||
 			get_cmdline_auth_info_use_kerberos(auth_info) ||
+			get_cmdline_auth_info_use_ccache(auth_info) ||
 			!NT_STATUS_IS_OK(status = cli_session_setup(c, "",
 				    		"", 0,
 						"", 0,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git




More information about the Pkg-samba-maint mailing list