aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2003-04-07 21:34:58 +0800
committernectar <nectar@FreeBSD.org>2003-04-07 21:34:58 +0800
commit0d554bef5d7b44e7f953860702b29d5b007a3dd7 (patch)
treea818071f740b01643660dffa7e3667e91dabe75f
parent5ffd4c4bf35caf9f25e7b3afae06f3b19e216e18 (diff)
downloadfreebsd-ports-gnome-0d554bef5d7b44e7f953860702b29d5b007a3dd7.tar.gz
freebsd-ports-gnome-0d554bef5d7b44e7f953860702b29d5b007a3dd7.tar.zst
freebsd-ports-gnome-0d554bef5d7b44e7f953860702b29d5b007a3dd7.zip
Add patch to correct remote root vulnerability.
This vulnerability is being exploited in the wild.
-rw-r--r--net/samba/Makefile2
-rw-r--r--net/samba/files/patch-security-aa22
-rw-r--r--net/samba/files/patch-security-ab23
-rw-r--r--net/samba/files/patch-security-ac12
-rw-r--r--net/samba/files/patch-security-ad12
-rw-r--r--net/samba/files/patch-security-ae7
6 files changed, 77 insertions, 1 deletions
diff --git a/net/samba/Makefile b/net/samba/Makefile
index 98f8dbc43b71..3b0f7ba491c2 100644
--- a/net/samba/Makefile
+++ b/net/samba/Makefile
@@ -7,7 +7,7 @@
PORTNAME= samba
PORTVERSION= 2.2.8
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net
MASTER_SITES= http://us3.samba.org/samba/ftp/%SUBDIR%/ \
http://us4.samba.org/samba/ftp/%SUBDIR%/ \
diff --git a/net/samba/files/patch-security-aa b/net/samba/files/patch-security-aa
new file mode 100644
index 000000000000..e88e02744d9c
--- /dev/null
+++ b/net/samba/files/patch-security-aa
@@ -0,0 +1,22 @@
+diff -u -r --new-file --exclude=CVS source/smbd/trans2.c samba-2.2.8a/source/smbd/trans2.c
+--- source/smbd/trans2.c 2003-03-14 15:34:49.000000000 -0600
++++ source/smbd/trans2.c 2003-04-05 12:38:22.000000000 -0600
+@@ -217,7 +217,6 @@
+ int16 open_ofun;
+ int32 open_size;
+ char *pname;
+- int16 namelen;
+
+ pstring fname;
+ mode_t unixmode;
+@@ -247,9 +246,8 @@
+ open_ofun = SVAL(params,12);
+ open_size = IVAL(params,14);
+ pname = &params[28];
+- namelen = strlen(pname)+1;
+
+- StrnCpy(fname,pname,namelen);
++ pstrcpy(fname, pname);
+
+ DEBUG(3,("trans2open %s mode=%d attr=%d ofun=%d size=%d\n",
+ fname,open_mode, open_attr, open_ofun, open_size));
diff --git a/net/samba/files/patch-security-ab b/net/samba/files/patch-security-ab
new file mode 100644
index 000000000000..76b09577b9b1
--- /dev/null
+++ b/net/samba/files/patch-security-ab
@@ -0,0 +1,23 @@
+diff -u -r --new-file --exclude=CVS source/smbd/reply.c samba-2.2.8a/source/smbd/reply.c
+--- source/smbd/reply.c 2003-03-14 15:34:49.000000000 -0600
++++ source/smbd/reply.c 2003-04-05 14:16:35.000000000 -0600
+@@ -1500,6 +1500,9 @@
+
+ for (i=numentries;(i<maxentries) && !finished;i++)
+ {
++ /* check to make sure we have room in the buffer */
++ if ( ((PTR_DIFF(p, outbuf))+DIR_STRUCT_SIZE) > BUFFER_SIZE )
++ break;
+ finished =
+ !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
+ if (!finished)
+@@ -3528,6 +3531,9 @@
+
+
+ for (i=first;i<first+num_to_get;i++) {
++ /* check to make sure we have room in the buffer */
++ if ( (PTR_DIFF(p, outbuf)+28) > BUFFER_SIZE )
++ break;
+ put_dos_date2(p,0,queue[i].time);
+ SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3));
+ SSVAL(p,5, queue[i].job);
diff --git a/net/samba/files/patch-security-ac b/net/samba/files/patch-security-ac
new file mode 100644
index 000000000000..10887607716b
--- /dev/null
+++ b/net/samba/files/patch-security-ac
@@ -0,0 +1,12 @@
+diff -u -r --new-file --exclude=CVS source/smbd/statcache.c samba-2.2.8a/source/smbd/statcache.c
+--- source/smbd/statcache.c 2001-10-11 04:34:37.000000000 -0500
++++ source/smbd/statcache.c 2003-04-04 16:02:33.000000000 -0600
+@@ -88,7 +88,7 @@
+ * StrnCpy always null terminates.
+ */
+
+- StrnCpy(orig_name, full_orig_name, namelen);
++ StrnCpy(orig_name, full_orig_name, MIN(namelen, sizeof(orig_name)-1));
+ if(!case_sensitive)
+ strupper( orig_name );
+
diff --git a/net/samba/files/patch-security-ad b/net/samba/files/patch-security-ad
new file mode 100644
index 000000000000..7c05bc1f1730
--- /dev/null
+++ b/net/samba/files/patch-security-ad
@@ -0,0 +1,12 @@
+diff -u -r --new-file --exclude=CVS source/smbd/password.c samba-2.2.8a/source/smbd/password.c
+--- source/smbd/password.c 2003-03-14 15:34:49.000000000 -0600
++++ source/smbd/password.c 2003-04-04 16:02:33.000000000 -0600
+@@ -816,7 +816,7 @@
+ if (!ok && lp_username(snum)) {
+ char *auser;
+ pstring user_list;
+- StrnCpy(user_list,lp_username(snum),sizeof(pstring));
++ StrnCpy(user_list,lp_username(snum),sizeof(pstring)-1);
+
+ pstring_sub(user_list,"%S",lp_servicename(snum));
+
diff --git a/net/samba/files/patch-security-ae b/net/samba/files/patch-security-ae
new file mode 100644
index 000000000000..e47c4fdadd93
--- /dev/null
+++ b/net/samba/files/patch-security-ae
@@ -0,0 +1,7 @@
+*** source/include/version.h.orig Sat Apr 5 10:00:34 2003
+--- source/include/version.h Sat Apr 5 10:00:39 2003
+***************
+*** 1 ****
+! #define VERSION "2.2.8"
+--- 1 ----
+! #define VERSION "2.2.8p1"