diff options
author | nectar <nectar@FreeBSD.org> | 2003-04-07 21:34:58 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2003-04-07 21:34:58 +0800 |
commit | 0d554bef5d7b44e7f953860702b29d5b007a3dd7 (patch) | |
tree | a818071f740b01643660dffa7e3667e91dabe75f | |
parent | 5ffd4c4bf35caf9f25e7b3afae06f3b19e216e18 (diff) | |
download | freebsd-ports-gnome-0d554bef5d7b44e7f953860702b29d5b007a3dd7.tar.gz freebsd-ports-gnome-0d554bef5d7b44e7f953860702b29d5b007a3dd7.tar.zst freebsd-ports-gnome-0d554bef5d7b44e7f953860702b29d5b007a3dd7.zip |
Add patch to correct remote root vulnerability.
This vulnerability is being exploited in the wild.
-rw-r--r-- | net/samba/Makefile | 2 | ||||
-rw-r--r-- | net/samba/files/patch-security-aa | 22 | ||||
-rw-r--r-- | net/samba/files/patch-security-ab | 23 | ||||
-rw-r--r-- | net/samba/files/patch-security-ac | 12 | ||||
-rw-r--r-- | net/samba/files/patch-security-ad | 12 | ||||
-rw-r--r-- | net/samba/files/patch-security-ae | 7 |
6 files changed, 77 insertions, 1 deletions
diff --git a/net/samba/Makefile b/net/samba/Makefile index 98f8dbc43b71..3b0f7ba491c2 100644 --- a/net/samba/Makefile +++ b/net/samba/Makefile @@ -7,7 +7,7 @@ PORTNAME= samba PORTVERSION= 2.2.8 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net MASTER_SITES= http://us3.samba.org/samba/ftp/%SUBDIR%/ \ http://us4.samba.org/samba/ftp/%SUBDIR%/ \ diff --git a/net/samba/files/patch-security-aa b/net/samba/files/patch-security-aa new file mode 100644 index 000000000000..e88e02744d9c --- /dev/null +++ b/net/samba/files/patch-security-aa @@ -0,0 +1,22 @@ +diff -u -r --new-file --exclude=CVS source/smbd/trans2.c samba-2.2.8a/source/smbd/trans2.c +--- source/smbd/trans2.c 2003-03-14 15:34:49.000000000 -0600 ++++ source/smbd/trans2.c 2003-04-05 12:38:22.000000000 -0600 +@@ -217,7 +217,6 @@ + int16 open_ofun; + int32 open_size; + char *pname; +- int16 namelen; + + pstring fname; + mode_t unixmode; +@@ -247,9 +246,8 @@ + open_ofun = SVAL(params,12); + open_size = IVAL(params,14); + pname = ¶ms[28]; +- namelen = strlen(pname)+1; + +- StrnCpy(fname,pname,namelen); ++ pstrcpy(fname, pname); + + DEBUG(3,("trans2open %s mode=%d attr=%d ofun=%d size=%d\n", + fname,open_mode, open_attr, open_ofun, open_size)); diff --git a/net/samba/files/patch-security-ab b/net/samba/files/patch-security-ab new file mode 100644 index 000000000000..76b09577b9b1 --- /dev/null +++ b/net/samba/files/patch-security-ab @@ -0,0 +1,23 @@ +diff -u -r --new-file --exclude=CVS source/smbd/reply.c samba-2.2.8a/source/smbd/reply.c +--- source/smbd/reply.c 2003-03-14 15:34:49.000000000 -0600 ++++ source/smbd/reply.c 2003-04-05 14:16:35.000000000 -0600 +@@ -1500,6 +1500,9 @@ + + for (i=numentries;(i<maxentries) && !finished;i++) + { ++ /* check to make sure we have room in the buffer */ ++ if ( ((PTR_DIFF(p, outbuf))+DIR_STRUCT_SIZE) > BUFFER_SIZE ) ++ break; + finished = + !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend); + if (!finished) +@@ -3528,6 +3531,9 @@ + + + for (i=first;i<first+num_to_get;i++) { ++ /* check to make sure we have room in the buffer */ ++ if ( (PTR_DIFF(p, outbuf)+28) > BUFFER_SIZE ) ++ break; + put_dos_date2(p,0,queue[i].time); + SCVAL(p,4,(queue[i].status==LPQ_PRINTING?2:3)); + SSVAL(p,5, queue[i].job); diff --git a/net/samba/files/patch-security-ac b/net/samba/files/patch-security-ac new file mode 100644 index 000000000000..10887607716b --- /dev/null +++ b/net/samba/files/patch-security-ac @@ -0,0 +1,12 @@ +diff -u -r --new-file --exclude=CVS source/smbd/statcache.c samba-2.2.8a/source/smbd/statcache.c +--- source/smbd/statcache.c 2001-10-11 04:34:37.000000000 -0500 ++++ source/smbd/statcache.c 2003-04-04 16:02:33.000000000 -0600 +@@ -88,7 +88,7 @@ + * StrnCpy always null terminates. + */ + +- StrnCpy(orig_name, full_orig_name, namelen); ++ StrnCpy(orig_name, full_orig_name, MIN(namelen, sizeof(orig_name)-1)); + if(!case_sensitive) + strupper( orig_name ); + diff --git a/net/samba/files/patch-security-ad b/net/samba/files/patch-security-ad new file mode 100644 index 000000000000..7c05bc1f1730 --- /dev/null +++ b/net/samba/files/patch-security-ad @@ -0,0 +1,12 @@ +diff -u -r --new-file --exclude=CVS source/smbd/password.c samba-2.2.8a/source/smbd/password.c +--- source/smbd/password.c 2003-03-14 15:34:49.000000000 -0600 ++++ source/smbd/password.c 2003-04-04 16:02:33.000000000 -0600 +@@ -816,7 +816,7 @@ + if (!ok && lp_username(snum)) { + char *auser; + pstring user_list; +- StrnCpy(user_list,lp_username(snum),sizeof(pstring)); ++ StrnCpy(user_list,lp_username(snum),sizeof(pstring)-1); + + pstring_sub(user_list,"%S",lp_servicename(snum)); + diff --git a/net/samba/files/patch-security-ae b/net/samba/files/patch-security-ae new file mode 100644 index 000000000000..e47c4fdadd93 --- /dev/null +++ b/net/samba/files/patch-security-ae @@ -0,0 +1,7 @@ +*** source/include/version.h.orig Sat Apr 5 10:00:34 2003 +--- source/include/version.h Sat Apr 5 10:00:39 2003 +*************** +*** 1 **** +! #define VERSION "2.2.8" +--- 1 ---- +! #define VERSION "2.2.8p1" |