[Pkg-samba-maint] [Git][samba-team/samba][master] 3 commits: fruit-disable-useless-size_t-overflow-check.patch (#974868)

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Mon Nov 21 17:43:34 GMT 2022



Michael Tokarev pushed to branch master at Debian Samba Team / samba


Commits:
d37272a2 by Michael Tokarev at 2022-11-21T20:41:36+03:00
fruit-disable-useless-size_t-overflow-check.patch (#974868)

- - - - -
8cd4aa4e by Michael Tokarev at 2022-11-21T20:41:36+03:00
CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch

Fix regression on 32bit systems:
https://bugzilla.samba.org/show_bug.cgi?id=15203

- - - - -
244eeced by Michael Tokarev at 2022-11-21T20:42:11+03:00
update changelog; upload 4.17.3+dfsg-2 to unstable

- - - - -


4 changed files:

- debian/changelog
- + debian/patches/CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch
- + debian/patches/fruit-disable-useless-size_t-overflow-check.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+samba (2:4.17.3+dfsg-2) unstable; urgency=medium
+
+  * fruit-disable-useless-size_t-overflow-check.patch (Closes: #974868)
+  * CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch
+    Fix regression on 32bit systems:
+    https://bugzilla.samba.org/show_bug.cgi?id=15203
+
+ -- Michael Tokarev <mjt at tls.msk.ru>  Mon, 21 Nov 2022 20:41:46 +0300
+
 samba (2:4.17.3+dfsg-1) unstable; urgency=medium
 
   * new upstream security release 4.17.3, fixing the following issue:
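
Review bot: the first new entry under 2:4.17.3+dfsg-2 gives only the patch file name, so a reader of the changelog cannot tell what changes for them. Consider wording it by effect, for example "vfs_fruit: drop the SIZE_MAX/nbands check that made the module fail on 32-bit when bandsize*nbands exceeds 32 bits (Closes: #974868)", and likewise stating for the second entry that it concerns `_krb5_get_int64` where 'unsigned long' is 32-bit.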


=====================================
debian/patches/CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch
=====================================
@@ -0,0 +1,30 @@
+From 009ccbafebf2911fa5385de5e2ebded4f6b8fc58 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze at samba.org>
+Date: Wed, 16 Nov 2022 12:08:45 +0100
+Subject: [PATCH] CVE-2022-42898: HEIMDAL: lib/krb5: fix _krb5_get_int64 on
+ systems where 'unsigned long' is just 32-bit
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
+
+Signed-off-by: Stefan Metzmacher <metze at samba.org>
+Reviewed-by: Ralph Boehme <slow at samba.org>
+---
+ third_party/heimdal/lib/krb5/store-int.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/third_party/heimdal/lib/krb5/store-int.c b/third_party/heimdal/lib/krb5/store-int.c
+index 542b99abc089..6fe7eb37fc69 100644
+--- a/third_party/heimdal/lib/krb5/store-int.c
++++ b/third_party/heimdal/lib/krb5/store-int.c
+@@ -49,7 +49,7 @@ KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
+ _krb5_get_int64(void *buffer, uint64_t *value, size_t size)
+ {
+     unsigned char *p = buffer;
+-    unsigned long v = 0;
++    uint64_t v = 0;
+     size_t i;
+     for (i = 0; i < size; i++)
+ 	v = (v << 8) + p[i];
+-- 
+2.34.1
+
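
Review bot: in `_krb5_get_int64` the loop `for (i = 0; i < size; i++) v = (v << 8) + p[i];` still accepts any `size`, and nothing in the visible lines bounds it to 8, so with `uint64_t v` a longer input would silently shift the leading bytes out, which is the same kind of truncation this change removes for a 32-bit `unsigned long`. Consider rejecting `size > sizeof(*value)` at the top of the function, or confirming that every caller passes at most 8. The patch description carries only the bug link; one sentence saying that values wider than 32 bits were truncated where `unsigned long` is 32-bit would make the regression fix self-explanatory.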


=====================================
debian/patches/fruit-disable-useless-size_t-overflow-check.patch
=====================================
@@ -0,0 +1,53 @@
+From e4bf63c976b0e3253f980360b2fe6244092b777c Mon Sep 17 00:00:00 2001
+From: Michael Tokarev <mjt at tls.msk.ru>
+Date: Thu, 17 Nov 2022 23:51:03 +0300
+Subject: [PATCH] fruit: disable useless size_t oveflow check
+Bug-Debian: http://bugs.debian.org/974868
+
+As has been said several times in
+https://bugzilla.samba.org/show_bug.cgi?id=13622 ,
+the check 'bandsize > SIZE_MAX/nbands' is useless.  But it
+is also wrong, in 2 ways: first, nbands might be 0 (when
+no bands has been allocated yet), and second, there's no
+point in comparing this with SIZE_MAX, since size_t on 32bit
+platforms is a 32bit integer, while bandsize is off_t which
+is 64bits (samba always enables LFS).
+
+This check causes the module to fail when bandsize*nbands
+exceeds 32bits, which has been reported for example at
+https://bugs.debian.org/974868 .
+
+Whole thing can't overflow because it is already guarded
+by time_machine_max_size.  Or at the very least, by current
+disk sizes... :)
+
+Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
+---
+ source3/modules/vfs_fruit.c | 11 -----------
+ 1 file changed, 11 deletions(-)
+
+diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
+index 4058d4834e7..8e31e74f2a6 100644
+--- a/source3/modules/vfs_fruit.c
++++ b/source3/modules/vfs_fruit.c
+@@ -5273,17 +5273,6 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct *handle,
+ 		return true;
+ 	}
+ 
+-	/*
+-	 * Arithmetic on 32-bit systems may cause overflow, depending on
+-	 * size_t precision. First we check its unlikely, then we
+-	 * force the precision into target off_t, then we check that
+-	 * the total did not overflow either.
+-	 */
+-	if (bandsize > SIZE_MAX/nbands) {
+-		DBG_ERR("tmsize potential overflow: bandsize [%zu] nbands [%zu]\n",
+-			bandsize, nbands);
+-		return false;
+-	}
+ 	tm_size = (off_t)bandsize * (off_t)nbands;
+ 
+ 	if (state->total_size + tm_size < state->total_size) {
+-- 
+2.30.2
+
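
Review bot: with the block above it deleted, `tm_size = (off_t)bandsize * (off_t)nbands;` has no overflow check of its own, and the description's argument that time_machine_max_size already guards it cannot be verified from this hunk. The remaining test `state->total_size + tm_size < state->total_size` only looks for wraparound after the addition has happened, which is not dependable if these are signed off_t values. Rather than deleting the check outright, consider replacing it with one done in off_t terms that skips nbands == 0 (the two defects the description names), or cite the place where time_machine_max_size bounds the product. The Subject line also has a typo: "oveflow".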


=====================================
debian/patches/series
=====================================
@@ -20,3 +20,5 @@ add-missing-libs-deps.diff
 spelling.patch
 unwrap-getresgid-typo.patch
 nsswitch-pam-data-time_t.patch
+fruit-disable-useless-size_t-overflow-check.patch
+CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch



View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/04169605d239491bfe28cf070bc9aabe77a1a9b6...244eecedaa7e790b169a384ec9fc93d73b8a1c15
