[Pkg-samba-maint] [samba] 02/12: CVE-2017-12150: s3:popt_common: don't turn a guessed username into a specified one

Mathieu Parent sathieu at moszumanska.debian.org
Thu Sep 21 07:24:57 UTC 2017


This is an automated email from the git hooks/post-receive script.

sathieu pushed a commit to branch master
in repository samba.

commit d1ca5a2cce10b42cbcd270c0fd6d0119ad4e19e2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Aug 29 17:06:21 2017 +0200

    CVE-2017-12150: s3:popt_common: don't turn a guessed username into a specified one
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source3/include/auth_info.h |  1 +
 source3/lib/popt_common.c   |  6 +-----
 source3/lib/util_cmdline.c  | 29 +++++++++++++++++++++++++++++
 3 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/source3/include/auth_info.h b/source3/include/auth_info.h
index c6f71ad..8212c27 100644
--- a/source3/include/auth_info.h
+++ b/source3/include/auth_info.h
@@ -29,6 +29,7 @@ void set_cmdline_auth_info_from_file(struct user_auth_info *auth_info,
 const char *get_cmdline_auth_info_username(const struct user_auth_info *auth_info);
 void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
 				    const char *username);
+void reset_cmdline_auth_info_username(struct user_auth_info *auth_info);
 const char *get_cmdline_auth_info_domain(const struct user_auth_info *auth_info);
 void set_cmdline_auth_info_domain(struct user_auth_info *auth_info,
 				  const char *domain);
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index 9928c70..36b5e92 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -238,7 +238,6 @@ void popt_common_credentials_set_delay_post(void)
 void popt_common_credentials_post(void)
 {
 	struct user_auth_info *auth_info = cmdline_auth_info;
-	const char *username = NULL;
 
 	if (get_cmdline_auth_info_use_machine_account(auth_info) &&
 	    !set_cmdline_auth_info_machine_account_creds(auth_info))
@@ -259,10 +258,7 @@ void popt_common_credentials_post(void)
 	 * correctly parsed yet. If we have a username we need to set it again
 	 * to run the string parser for the username correctly.
 	 */
-	username = get_cmdline_auth_info_username(auth_info);
-	if (username != NULL && username[0] != '\0') {
-		set_cmdline_auth_info_username(auth_info, username);
-	}
+	reset_cmdline_auth_info_username(auth_info);
 }
 
 static void popt_common_credentials_callback(poptContext con,
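Review bot: The comment kept above the new call still reads "If we have a username we need to set it again", which no longer matches the code: reset_cmdline_auth_info_username() returns early unless the username was explicitly supplied. I would reword the last sentence of that comment to `If the user specified a username we need to set it again to run the string parser; a guessed username is left untouched.` so the distinction named in the commit title is visible at the call site. popt_common_credentials_post() starts outside this hunk.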
diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c
index ad51a4f..80142e2 100644
--- a/source3/lib/util_cmdline.c
+++ b/source3/lib/util_cmdline.c
@@ -37,6 +37,7 @@
 struct user_auth_info {
 	struct cli_credentials *creds;
 	struct loadparm_context *lp_ctx;
+	bool got_username;
 	bool got_pass;
 	int signing_state;
 	bool smb_encrypt;
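Review bot: The new `got_username` field carries the security-relevant distinction of this commit but has no comment saying what sets it. A one-line comment such as `/* true only if the username came from the user (option or auth file), never from a guessed default */` would record the invariant. The allocation of `struct user_auth_info` is not in this hunk, so it is worth confirming that the struct is zero-initialised. Otherwise the flag starts indeterminate and the early return in reset_cmdline_auth_info_username() cannot be relied on.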
@@ -93,6 +94,7 @@ void set_cmdline_auth_info_from_file(struct user_auth_info *auth_info,
 	if (!ok) {
 		exit(EIO);
 	}
+	auth_info->got_username = true;
 }
 
 const char *get_cmdline_auth_info_username(const struct user_auth_info *auth_info)
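Review bot: `auth_info->got_username = true;` runs after any successfully parsed credentials file, whether or not that file actually contained a username entry. The parsing call is above the hunk, so this is inferred. If an auth file supplies only a password or domain, the username would still be a guessed one, and reset_cmdline_auth_info_username() would later re-parse it with CRED_SPECIFIED, which is the promotion this commit sets out to prevent. Consider setting the flag only when the file provided a username, with a comment like `/* mark the username as user-supplied only if the file set one */`. set_cmdline_auth_info_from_file() begins outside the hunk.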
@@ -123,11 +125,38 @@ void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
 		exit(ENOMEM);
 	}
 
+	auth_info->got_username = true;
 	if (strchr_m(username, '%') != NULL) {
 		auth_info->got_pass = true;
 	}
 }
 
+void reset_cmdline_auth_info_username(struct user_auth_info *auth_info)
+{
+	const char *username = NULL;
+	const char *new_val = NULL;
+
+	if (!auth_info->got_username) {
+		return;
+	}
+
+	username = cli_credentials_get_username(auth_info->creds);
+	if (username == NULL) {
+		return;
+	}
+	if (username[0] == '\0') {
+		return;
+	}
+
+	cli_credentials_parse_string(auth_info->creds,
+				     username,
+				     CRED_SPECIFIED);
+	new_val = cli_credentials_get_username(auth_info->creds);
+	if (new_val == NULL) {
+		exit(ENOMEM);
+	}
+}
+
 const char *get_cmdline_auth_info_domain(const struct user_auth_info *auth_info)
 {
 	const char *domain = NULL;
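Review bot: In reset_cmdline_auth_info_username(), `username` points at storage returned by cli_credentials_get_username() for `auth_info->creds` and is then passed to cli_credentials_parse_string() on the same `creds`. The parser's body is not visible here; if it releases or replaces the stored username before it has finished reading its input, this would read freed memory, so confirm that it copies first or duplicate the string before the call. The function also lacks a comment stating the invariant it guards. Something like `/* Re-parse only a username the user supplied; a guessed one must keep its guessed level. */` above the `got_username` check would help. set_cmdline_auth_info_username() starts before this hunk and get_cmdline_auth_info_domain() continues past it.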

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git



