[Pkg-samba-maint] [Git][samba-team/samba][buster-security] 7 commits: CVE-2021-44142: libadouble: add defines for icon lengths
Salvatore Bonaccorso (@carnil)
gitlab at salsa.debian.org
Wed Feb 9 16:32:24 GMT 2022
Salvatore Bonaccorso pushed to branch buster-security at Debian Samba Team / samba
Commits:
642dc6bf by Ralph Boehme at 2022-02-03T20:25:40+01:00
CVE-2021-44142: libadouble: add defines for icon lengths
From https://www.ietf.org/rfc/rfc1740.txt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
1b46858b by Ralph Boehme at 2022-02-03T20:25:40+01:00
CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs
This is an internal xattr that should not be user visible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
[slow at samba.org: conflict due to changed includes in source3/smbd/trans2.c]
- - - - -
f82d9cde by Ralph Boehme at 2022-02-03T20:25:40+01:00
CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
This ensures ad_unpack_xattrs() is only called for an ad_type of ADOUBLE_RSRC,
which is used for parsing ._ AppleDouble sidecar files, and the buffer
ad->ad_data is AD_XATTR_MAX_HDR_SIZE bytes large which is a prerequisite for all
buffer out-of-bounds access checks in ad_unpack_xattrs().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
8362cf6c by Noel Power at 2022-02-03T20:25:40+01:00
vfs_fruit: CVE-2021-44142 tweak buffer size check
- - - - -
7f9a469e by Ralph Boehme at 2022-02-03T20:29:24+01:00
CVE-2021-44142: libadouble: harden parsing code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
27979f30 by Salvatore Bonaccorso at 2022-02-03T20:31:46+01:00
Add patches for CVE-2021-44142 (Closes: #1004693)
- - - - -
ba276fbb by Salvatore Bonaccorso at 2022-02-03T20:33:28+01:00
Prepare to release samba (2:4.9.5+dfsg-5+deb10u3).
- - - - -
5 changed files:
- debian/changelog
- + debian/patches/CVE-2021-44142.patch
- debian/patches/series
- source3/modules/vfs_fruit.c
- source3/smbd/trans2.c
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,16 @@
+samba (2:4.9.5+dfsg-5+deb10u3) buster-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Add patches for CVE-2021-44142 (Closes: #1004693)
+ - CVE-2021-44142: libadouble: add defines for icon lengths
+ - CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list
+ of private Samba xattrs
+ - CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
+ - vfs_fruit: CVE-2021-44142 tweak buffer size check
+ - CVE-2021-44142: libadouble: harden parsing code
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Thu, 03 Feb 2022 20:33:10 +0100
+
samba (2:4.9.5+dfsg-5+deb10u2) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
=====================================
debian/patches/CVE-2021-44142.patch
=====================================
@@ -0,0 +1,337 @@
+From 642dc6bf10ac0aec92135dc72ae06985c0742a1f Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow at samba.org>
+Date: Thu, 13 Jan 2022 16:48:01 +0100
+Subject: [PATCH 1/5] CVE-2021-44142: libadouble: add defines for icon lengths
+
+From https://www.ietf.org/rfc/rfc1740.txt
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
+
+Signed-off-by: Ralph Boehme <slow at samba.org>
+---
+ source3/modules/vfs_fruit.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
+index 773186af42c9..4d3b2c6672a9 100644
+--- a/source3/modules/vfs_fruit.c
++++ b/source3/modules/vfs_fruit.c
+@@ -284,6 +284,8 @@ typedef enum {ADOUBLE_META, ADOUBLE_RSRC} adouble_type_t;
+ #define ADEDLEN_MACFILEI 4
+ #define ADEDLEN_PRODOSFILEI 8
+ #define ADEDLEN_MSDOSFILEI 2
++#define ADEDLEN_ICONBW 128
++#define ADEDLEN_ICONCOL 1024
+ #define ADEDLEN_DID 4
+ #define ADEDLEN_PRIVDEV 8
+ #define ADEDLEN_PRIVINO 8
+--
+2.34.1
+
+From 1b46858b2649fc029845c8e5ee4a0720fee5f3e7 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow at samba.org>
+Date: Sat, 20 Nov 2021 16:36:42 +0100
+Subject: [PATCH 2/5] CVE-2021-44142: smbd: add Netatalk xattr used by
+ vfs_fruit to the list of private Samba xattrs
+
+This is an internal xattr that should not be user visible.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
+
+Signed-off-by: Ralph Boehme <slow at samba.org>
+[slow at samba.org: conflict due to changed includes in source3/smbd/trans2.c]
+---
+ source3/smbd/trans2.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
+index 0ec1c5f2a6a6..b3f4c46a5fae 100644
+--- a/source3/smbd/trans2.c
++++ b/source3/smbd/trans2.c
+@@ -176,6 +176,16 @@ void aapl_force_zero_file_id(struct smbd_server_connection *sconn)
+ Refuse to allow clients to overwrite our private xattrs.
+ ****************************************************************************/
+
++/*
++ * Taken from vfs_fruit.c
++ */
++#define NETATALK_META_XATTR "org.netatalk.Metadata"
++#if defined(HAVE_ATTROPEN)
++#define AFPINFO_EA_NETATALK NETATALK_META_XATTR
++#else
++#define AFPINFO_EA_NETATALK "user." NETATALK_META_XATTR
++#endif
++
+ bool samba_private_attr_name(const char *unix_ea_name)
+ {
+ static const char * const prohibited_ea_names[] = {
+@@ -183,6 +193,7 @@ bool samba_private_attr_name(const char *unix_ea_name)
+ SAMBA_XATTR_DOS_ATTRIB,
+ SAMBA_XATTR_MARKER,
+ XATTR_NTACL_NAME,
++ AFPINFO_EA_NETATALK,
+ NULL
+ };
+
+--
+2.34.1
+
+From f82d9cde20c37836e9901161b52a1cf8b0629a9c Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow at samba.org>
+Date: Fri, 26 Nov 2021 07:19:32 +0100
+Subject: [PATCH 3/5] CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
+
+This ensures ad_unpack_xattrs() is only called for an ad_type of ADOUBLE_RSRC,
+which is used for parsing ._ AppleDouble sidecar files, and the buffer
+ad->ad_data is AD_XATTR_MAX_HDR_SIZE bytes large which is a prerequisite for all
+buffer out-of-bounds access checks in ad_unpack_xattrs().
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
+
+Signed-off-by: Ralph Boehme <slow at samba.org>
+---
+ source3/modules/vfs_fruit.c | 22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
+index 4d3b2c6672a9..8857daf2ab5b 100644
+--- a/source3/modules/vfs_fruit.c
++++ b/source3/modules/vfs_fruit.c
+@@ -734,14 +734,27 @@ static bool ad_pack(struct adouble *ad)
+ static bool ad_unpack_xattrs(struct adouble *ad)
+ {
+ struct ad_xattr_header *h = &ad->adx_header;
++ size_t bufsize = talloc_get_size(ad->ad_data);
+ const char *p = ad->ad_data;
+ uint32_t hoff;
+ uint32_t i;
+
++ if (ad->ad_type != ADOUBLE_RSRC) {
++ return false;
++ }
++
+ if (ad_getentrylen(ad, ADEID_FINDERI) <= ADEDLEN_FINDERI) {
+ return true;
+ }
+
++ /*
++ * Ensure the buffer ad->ad_data was allocated by ad_alloc() for an
++ * ADOUBLE_RSRC type (._ AppleDouble file on-disk).
++ */
++ if (bufsize != AD_XATTR_MAX_HDR_SIZE) {
++ return false;
++ }
++
+ /* 2 bytes padding */
+ hoff = ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI + 2;
+
+@@ -991,11 +1004,12 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries,
+ ad->ad_eid[eid].ade_len = len;
+ }
+
+- ok = ad_unpack_xattrs(ad);
+- if (!ok) {
+- return false;
++ if (ad->ad_type == ADOUBLE_RSRC) {
++ ok = ad_unpack_xattrs(ad);
++ if (!ok) {
++ return false;
++ }
+ }
+-
+ return true;
+ }
+
+--
+2.34.1
+
+From 8362cf6c7b028e2775ee2f1a3ad184acc346d643 Mon Sep 17 00:00:00 2001
+From: Noel Power <noel.power at suse.com>
+Date: Fri, 21 Jan 2022 14:52:53 +0000
+Subject: [PATCH 4/5] vfs_fruit: CVE-2021-44142 tweak buffer size check
+
+---
+ source3/modules/vfs_fruit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
+index 8857daf2ab5b..510c5c19dee1 100644
+--- a/source3/modules/vfs_fruit.c
++++ b/source3/modules/vfs_fruit.c
+@@ -751,7 +751,7 @@ static bool ad_unpack_xattrs(struct adouble *ad)
+ * Ensure the buffer ad->ad_data was allocated by ad_alloc() for an
+ * ADOUBLE_RSRC type (._ AppleDouble file on-disk).
+ */
+- if (bufsize != AD_XATTR_MAX_HDR_SIZE) {
++ if (bufsize < AD_DATASZ_DOT_UND || bufsize > AD_XATTR_MAX_HDR_SIZE) {
+ return false;
+ }
+
+--
+2.34.1
+
+From 7f9a469eabbe4b639e32c19f8ebd50aa78ceed9b Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow at samba.org>
+Date: Thu, 13 Jan 2022 17:03:02 +0100
+Subject: [PATCH 5/5] CVE-2021-44142: libadouble: harden parsing code
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
+
+Signed-off-by: Ralph Boehme <slow at samba.org>
+---
+ source3/modules/vfs_fruit.c | 116 +++++++++++++++++++++++++++++++-----
+ 1 file changed, 101 insertions(+), 15 deletions(-)
+
+diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
+index 510c5c19dee1..6dcae0f7543b 100644
+--- a/source3/modules/vfs_fruit.c
++++ b/source3/modules/vfs_fruit.c
+@@ -547,6 +547,95 @@ static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf);
+ static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data);
+
+
++/*
++ * All entries besides FinderInfo and resource fork must fit into the
++ * buffer. FinderInfo is special as it may be larger then the default 32 bytes
++ * if it contains marshalled xattrs, which we will fixup that in
++ * ad_convert(). The first 32 bytes however must also be part of the buffer.
++ *
++ * The resource fork is never accessed directly by the ad_data buf.
++ */
++static bool ad_entry_check_size(uint32_t eid,
++ size_t bufsize,
++ uint32_t off,
++ uint32_t got_len)
++{
++ struct {
++ off_t expected_len;
++ bool fixed_size;
++ bool minimum_size;
++ } ad_checks[] = {
++ [ADEID_DFORK] = {-1, false, false}, /* not applicable */
++ [ADEID_RFORK] = {-1, false, false}, /* no limit */
++ [ADEID_NAME] = {ADEDLEN_NAME, false, false},
++ [ADEID_COMMENT] = {ADEDLEN_COMMENT, false, false},
++ [ADEID_ICONBW] = {ADEDLEN_ICONBW, true, false},
++ [ADEID_ICONCOL] = {ADEDLEN_ICONCOL, false, false},
++ [ADEID_FILEI] = {ADEDLEN_FILEI, true, false},
++ [ADEID_FILEDATESI] = {ADEDLEN_FILEDATESI, true, false},
++ [ADEID_FINDERI] = {ADEDLEN_FINDERI, false, true},
++ [ADEID_MACFILEI] = {ADEDLEN_MACFILEI, true, false},
++ [ADEID_PRODOSFILEI] = {ADEDLEN_PRODOSFILEI, true, false},
++ [ADEID_MSDOSFILEI] = {ADEDLEN_MSDOSFILEI, true, false},
++ [ADEID_SHORTNAME] = {ADEDLEN_SHORTNAME, false, false},
++ [ADEID_AFPFILEI] = {ADEDLEN_AFPFILEI, true, false},
++ [ADEID_DID] = {ADEDLEN_DID, true, false},
++ [ADEID_PRIVDEV] = {ADEDLEN_PRIVDEV, true, false},
++ [ADEID_PRIVINO] = {ADEDLEN_PRIVINO, true, false},
++ [ADEID_PRIVSYN] = {ADEDLEN_PRIVSYN, true, false},
++ [ADEID_PRIVID] = {ADEDLEN_PRIVID, true, false},
++ };
++
++ if (eid >= ADEID_MAX) {
++ return false;
++ }
++ if (got_len == 0) {
++ /* Entry present, but empty, allow */
++ return true;
++ }
++ if (ad_checks[eid].expected_len == 0) {
++ /*
++ * Shouldn't happen: implicitly initialized to zero because
++ * explicit initializer missing.
++ */
++ return false;
++ }
++ if (ad_checks[eid].expected_len == -1) {
++ /* Unused or no limit */
++ return true;
++ }
++ if (ad_checks[eid].fixed_size) {
++ if (ad_checks[eid].expected_len != got_len) {
++ /* Wrong size fo fixed size entry. */
++ return false;
++ }
++ } else {
++ if (ad_checks[eid].minimum_size) {
++ if (got_len < ad_checks[eid].expected_len) {
++ /*
++ * Too small for variable sized entry with
++ * minimum size.
++ */
++ return false;
++ }
++ } else {
++ if (got_len > ad_checks[eid].expected_len) {
++ /* Too big for variable sized entry. */
++ return false;
++ }
++ }
++ }
++ if (off + got_len < off) {
++ /* wrap around */
++ return false;
++ }
++ if (off + got_len > bufsize) {
++ /* overflow */
++ return false;
++ }
++ return true;
++}
++
+ /**
+ * Return a pointer to an AppleDouble entry
+ *
+@@ -554,8 +643,15 @@ static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data);
+ **/
+ static char *ad_get_entry(const struct adouble *ad, int eid)
+ {
++ size_t bufsize = talloc_get_size(ad->ad_data);
+ off_t off = ad_getentryoff(ad, eid);
+ size_t len = ad_getentrylen(ad, eid);
++ bool valid;
++
++ valid = ad_entry_check_size(eid, bufsize, off, len);
++ if (!valid) {
++ return NULL;
++ }
+
+ if (off == 0 || len == 0) {
+ return NULL;
+@@ -619,7 +715,6 @@ static int ad_setdate(struct adouble *ad, unsigned int dateoff, uint32_t date)
+ return 0;
+ }
+
+-
+ /**
+ * Map on-disk AppleDouble id to enumerated id
+ **/
+@@ -941,20 +1036,11 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries,
+ return false;
+ }
+
+- /*
+- * All entries besides FinderInfo and resource fork
+- * must fit into the buffer. FinderInfo is special as
+- * it may be larger then the default 32 bytes (if it
+- * contains marshalled xattrs), but we will fixup that
+- * in ad_convert(). And the resource fork is never
+- * accessed directly by the ad_data buf (also see
+- * comment above) anyway.
+- */
+- if ((eid != ADEID_RFORK) &&
+- (eid != ADEID_FINDERI) &&
+- ((off + len) > bufsize)) {
+- DEBUG(1, ("bogus eid %d: off: %" PRIu32 ", len: %" PRIu32 "\n",
+- eid, off, len));
++ ok = ad_entry_check_size(eid, bufsize, off, len);
++ if (!ok) {
++ DBG_ERR("bogus eid [%"PRIu32"] bufsize [%zu] "
++ "off [%"PRIu32"] len [%"PRIu32"]\n",
++ eid, bufsize, off, len);
+ return false;
+ }
+
+--
+2.34.1
+
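Review bot: Patch 4/5 in the bundled debian/patches/CVE-2021-44142.patch ("vfs_fruit: CVE-2021-44142 tweak buffer size check") has an empty body: no description, no BUG link and no Signed-off-by, unlike the other four patches. Since it relaxes the test added in 3/5 from `bufsize != AD_XATTR_MAX_HDR_SIZE` to a range, the reason for accepting smaller buffers belongs in the patch header. The file also carries no Origin or Bug-Debian header lines, which would help when the patch is refreshed for a later upload.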
=====================================
debian/patches/series
=====================================
@@ -18,3 +18,4 @@ CVE-2020-25717-only-4.9-v2.patch
lib-Add-dom_sid_str_buf.patch
bug-14901-v4-9.patch
waf-install-Remove-installation-of-PIDL-and-manpages.patch
+CVE-2021-44142.patch
=====================================
source3/modules/vfs_fruit.c
=====================================
@@ -284,6 +284,8 @@ typedef enum {ADOUBLE_META, ADOUBLE_RSRC} adouble_type_t;
#define ADEDLEN_MACFILEI 4
#define ADEDLEN_PRODOSFILEI 8
#define ADEDLEN_MSDOSFILEI 2
+#define ADEDLEN_ICONBW 128
+#define ADEDLEN_ICONCOL 1024
#define ADEDLEN_DID 4
#define ADEDLEN_PRIVDEV 8
#define ADEDLEN_PRIVINO 8
@@ -545,6 +547,95 @@ static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf);
static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data);
+/*
+ * All entries besides FinderInfo and resource fork must fit into the
+ * buffer. FinderInfo is special as it may be larger then the default 32 bytes
+ * if it contains marshalled xattrs, which we will fixup that in
+ * ad_convert(). The first 32 bytes however must also be part of the buffer.
+ *
+ * The resource fork is never accessed directly by the ad_data buf.
+ */
+static bool ad_entry_check_size(uint32_t eid,
+ size_t bufsize,
+ uint32_t off,
+ uint32_t got_len)
+{
+ struct {
+ off_t expected_len;
+ bool fixed_size;
+ bool minimum_size;
+ } ad_checks[] = {
+ [ADEID_DFORK] = {-1, false, false}, /* not applicable */
+ [ADEID_RFORK] = {-1, false, false}, /* no limit */
+ [ADEID_NAME] = {ADEDLEN_NAME, false, false},
+ [ADEID_COMMENT] = {ADEDLEN_COMMENT, false, false},
+ [ADEID_ICONBW] = {ADEDLEN_ICONBW, true, false},
+ [ADEID_ICONCOL] = {ADEDLEN_ICONCOL, false, false},
+ [ADEID_FILEI] = {ADEDLEN_FILEI, true, false},
+ [ADEID_FILEDATESI] = {ADEDLEN_FILEDATESI, true, false},
+ [ADEID_FINDERI] = {ADEDLEN_FINDERI, false, true},
+ [ADEID_MACFILEI] = {ADEDLEN_MACFILEI, true, false},
+ [ADEID_PRODOSFILEI] = {ADEDLEN_PRODOSFILEI, true, false},
+ [ADEID_MSDOSFILEI] = {ADEDLEN_MSDOSFILEI, true, false},
+ [ADEID_SHORTNAME] = {ADEDLEN_SHORTNAME, false, false},
+ [ADEID_AFPFILEI] = {ADEDLEN_AFPFILEI, true, false},
+ [ADEID_DID] = {ADEDLEN_DID, true, false},
+ [ADEID_PRIVDEV] = {ADEDLEN_PRIVDEV, true, false},
+ [ADEID_PRIVINO] = {ADEDLEN_PRIVINO, true, false},
+ [ADEID_PRIVSYN] = {ADEDLEN_PRIVSYN, true, false},
+ [ADEID_PRIVID] = {ADEDLEN_PRIVID, true, false},
+ };
+
+ if (eid >= ADEID_MAX) {
+ return false;
+ }
+ if (got_len == 0) {
+ /* Entry present, but empty, allow */
+ return true;
+ }
+ if (ad_checks[eid].expected_len == 0) {
+ /*
+ * Shouldn't happen: implicitly initialized to zero because
+ * explicit initializer missing.
+ */
+ return false;
+ }
+ if (ad_checks[eid].expected_len == -1) {
+ /* Unused or no limit */
+ return true;
+ }
+ if (ad_checks[eid].fixed_size) {
+ if (ad_checks[eid].expected_len != got_len) {
+ /* Wrong size fo fixed size entry. */
+ return false;
+ }
+ } else {
+ if (ad_checks[eid].minimum_size) {
+ if (got_len < ad_checks[eid].expected_len) {
+ /*
+ * Too small for variable sized entry with
+ * minimum size.
+ */
+ return false;
+ }
+ } else {
+ if (got_len > ad_checks[eid].expected_len) {
+ /* Too big for variable sized entry. */
+ return false;
+ }
+ }
+ }
+ if (off + got_len < off) {
+ /* wrap around */
+ return false;
+ }
+ if (off + got_len > bufsize) {
+ /* overflow */
+ return false;
+ }
+ return true;
+}
+
/**
* Return a pointer to an AppleDouble entry
*
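Review bot: In ad_entry_check_size(), the guard `if (eid >= ADEID_MAX)` bounds the index by ADEID_MAX, but `ad_checks[]` is declared without a size, so its length comes from the largest designator used (ADEID_PRIVID). Declaring it as `ad_checks[ADEID_MAX]` would tie the guard to the array length and keep the "expected_len == 0" fallback meaningful if an entry ID is added later. The table is also rebuilt on the stack on every call; `static const` would avoid that. Two comment typos while here: "larger then" should be "larger than", and "Wrong size fo fixed size entry" should read "for".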
@@ -552,8 +643,15 @@ static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data);
**/
static char *ad_get_entry(const struct adouble *ad, int eid)
{
+ size_t bufsize = talloc_get_size(ad->ad_data);
off_t off = ad_getentryoff(ad, eid);
size_t len = ad_getentrylen(ad, eid);
+ bool valid;
+
+ valid = ad_entry_check_size(eid, bufsize, off, len);
+ if (!valid) {
+ return NULL;
+ }
if (off == 0 || len == 0) {
return NULL;
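Review bot: In ad_get_entry(), `off` is an off_t and `len` a size_t, but both are passed to ad_entry_check_size(), whose parameters are uint32_t, so the values are narrowed implicitly before the wrap-around and overflow tests run. Declaring the locals as uint32_t, or rejecting out-of-range values before the call, would guarantee that the values checked are the values used afterwards. NULL is now also returned for entries that fail validation, so the callers, which are not part of this diff, should be checked for NULL handling.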
@@ -617,7 +715,6 @@ static int ad_setdate(struct adouble *ad, unsigned int dateoff, uint32_t date)
return 0;
}
-
/**
* Map on-disk AppleDouble id to enumerated id
**/
@@ -732,14 +829,27 @@ static bool ad_pack(struct adouble *ad)
static bool ad_unpack_xattrs(struct adouble *ad)
{
struct ad_xattr_header *h = &ad->adx_header;
+ size_t bufsize = talloc_get_size(ad->ad_data);
const char *p = ad->ad_data;
uint32_t hoff;
uint32_t i;
+ if (ad->ad_type != ADOUBLE_RSRC) {
+ return false;
+ }
+
if (ad_getentrylen(ad, ADEID_FINDERI) <= ADEDLEN_FINDERI) {
return true;
}
+ /*
+ * Ensure the buffer ad->ad_data was allocated by ad_alloc() for an
+ * ADOUBLE_RSRC type (._ AppleDouble file on-disk).
+ */
+ if (bufsize < AD_DATASZ_DOT_UND || bufsize > AD_XATTR_MAX_HDR_SIZE) {
+ return false;
+ }
+
/* 2 bytes padding */
hoff = ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI + 2;
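Review bot: In ad_unpack_xattrs(), the comment above the new size test says it ensures ad->ad_data "was allocated by ad_alloc() for an ADOUBLE_RSRC type", but the condition `bufsize < AD_DATASZ_DOT_UND || bufsize > AD_XATTR_MAX_HDR_SIZE` accepts a range of sizes, and the commit message of patch 3/5 still describes the buffer as AD_XATTR_MAX_HDR_SIZE bytes large. The comment should say why any size in that range is sufficient for the offset checks that follow. Both new `return false` paths are also silent; a DBG_ERR with ad_type and bufsize, as ad_unpack() now uses, would make rejected files diagnosable.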
@@ -926,20 +1036,11 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries,
return false;
}
- /*
- * All entries besides FinderInfo and resource fork
- * must fit into the buffer. FinderInfo is special as
- * it may be larger then the default 32 bytes (if it
- * contains marshalled xattrs), but we will fixup that
- * in ad_convert(). And the resource fork is never
- * accessed directly by the ad_data buf (also see
- * comment above) anyway.
- */
- if ((eid != ADEID_RFORK) &&
- (eid != ADEID_FINDERI) &&
- ((off + len) > bufsize)) {
- DEBUG(1, ("bogus eid %d: off: %" PRIu32 ", len: %" PRIu32 "\n",
- eid, off, len));
+ ok = ad_entry_check_size(eid, bufsize, off, len);
+ if (!ok) {
+ DBG_ERR("bogus eid [%"PRIu32"] bufsize [%zu] "
+ "off [%"PRIu32"] len [%"PRIu32"]\n",
+ eid, bufsize, off, len);
return false;
}
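Review bot: The removed condition in ad_unpack() skipped the bounds test for FinderInfo (`eid != ADEID_FINDERI`), while ad_entry_check_size() exempts only the entries whose expected_len is -1 (ADEID_DFORK and ADEID_RFORK), so a FinderInfo entry is now rejected whenever `off + got_len > bufsize`. The helper's comment still says only the first 32 bytes have to be part of the buffer. If rejecting oversized FinderInfo at this point is intended, the comment and the commit message (which says no more than "harden parsing code") should state it, since it changes which inputs are accepted.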
@@ -989,11 +1090,12 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries,
ad->ad_eid[eid].ade_len = len;
}
- ok = ad_unpack_xattrs(ad);
- if (!ok) {
- return false;
+ if (ad->ad_type == ADOUBLE_RSRC) {
+ ok = ad_unpack_xattrs(ad);
+ if (!ok) {
+ return false;
+ }
}
-
return true;
}
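Review bot: The ad_type test now exists both here in ad_unpack() and at the top of ad_unpack_xattrs(), where any type other than ADOUBLE_RSRC returns false. That makes this caller-side guard the only thing that keeps other types from failing the whole unpack, so a one-line comment on `if (ad->ad_type == ADOUBLE_RSRC)` saying so would stop it being removed later as redundant. The dropped blank line before `return true;` is unrelated whitespace churn.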
=====================================
source3/smbd/trans2.c
=====================================
@@ -176,6 +176,16 @@ void aapl_force_zero_file_id(struct smbd_server_connection *sconn)
Refuse to allow clients to overwrite our private xattrs.
****************************************************************************/
+/*
+ * Taken from vfs_fruit.c
+ */
+#define NETATALK_META_XATTR "org.netatalk.Metadata"
+#if defined(HAVE_ATTROPEN)
+#define AFPINFO_EA_NETATALK NETATALK_META_XATTR
+#else
+#define AFPINFO_EA_NETATALK "user." NETATALK_META_XATTR
+#endif
+
bool samba_private_attr_name(const char *unix_ea_name)
{
static const char * const prohibited_ea_names[] = {
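Review bot: The NETATALK_META_XATTR and AFPINFO_EA_NETATALK definitions, including the HAVE_ATTROPEN conditional, are copied from vfs_fruit.c (the comment says "Taken from vfs_fruit.c"), so the name smbd refuses and the name the module uses can drift apart if only one copy is edited. Moving them to a header included by both files would keep samba_private_attr_name() in step with the module; if that is too invasive for a security backport, the comment should at least mark the duplication as deliberate and name both locations.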
@@ -183,6 +193,7 @@ bool samba_private_attr_name(const char *unix_ea_name)
SAMBA_XATTR_DOS_ATTRIB,
SAMBA_XATTR_MARKER,
XATTR_NTACL_NAME,
+ AFPINFO_EA_NETATALK,
NULL
};
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/6abbb5ee46bee080b3a0d79c7b06410f68895dbf...ba276fbb044606274ea114ff121f7b8edcc3f5ab