authortimur <timur@FreeBSD.org>2010-06-18 20:58:06 +0800
committertimur <timur@FreeBSD.org>2010-06-18 20:58:06 +0800
commite4764d5177ec10a63bddb4c6a10e44a9b77071f9 (patch)
treebd714b9a00e19c6963a2b9f1cce2746e76184dba /net
parent80652feba3f5fd226e9d7ec07c3989759d546bd1 (diff)
Security: CVE-2010-2063
Feature safe: yes Address CVE-2010-2063
Diffstat (limited to 'net')
-rw-r--r--net/samba32/Makefile8
-rw-r--r--net/samba32/files/CVE-2010-2063_samba-3.3.patch37
2 files changed, 44 insertions, 1 deletions
diff --git a/net/samba32/Makefile b/net/samba32/Makefile
index d9254e7192d..4e41eaeee9a 100644
--- a/net/samba32/Makefile
+++ b/net/samba32/Makefile
@@ -7,6 +7,7 @@
PORTNAME= samba
PORTVERSION?= 3.2.15
+PORTREVISION?= 1
CATEGORIES?= net
MASTER_SITES= ${MASTER_SITE_SAMBA}
MASTER_SITE_SUBDIR= . old-versions rc pre
@@ -15,7 +16,12 @@ DISTNAME= ${PORTNAME}-${PORTVERSION:S/.p/pre/:S/.r/rc/}
MAINTAINER?= timur@FreeBSD.org
COMMENT?= A free SMB and CIFS client and server for UNIX
-CONFLICTS?= *samba-3.[03].* samba4* tdb-1.* talloc-1.*
+CONFLICTS?= *samba-3.[03-5].* samba4* tdb-1.* talloc-1.*
+
+EXPIRATION_DATE= 2010-09-01
+DEPRECATED= Unsupported by the upstream. Please, consider to upgrade.
+
+EXTRA_PATCHES= ${PATCHDIR}/CVE-2010-2063_samba-3.3.patch
USE_GMAKE= yes
USE_ICONV= yes
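Review bot: The `EXTRA_PATCHES` line pulls in a file named `CVE-2010-2063_samba-3.3.patch` while `PORTVERSION` in this Makefile is 3.2.15, and nothing in the hunk records that the 3.3 patch was checked against the 3.2 sources. A one-line comment above the assignment would document that for the next maintainer, for example `# Upstream fix for CVE-2010-2063, prepared for 3.3.x; applied here to 3.2.15`. The same comment is a natural place to say that the entry goes away together with the port on the `EXPIRATION_DATE` set two lines earlier.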
diff --git a/net/samba32/files/CVE-2010-2063_samba-3.3.patch b/net/samba32/files/CVE-2010-2063_samba-3.3.patch
new file mode 100644
index 00000000000..dae12c5176d
--- /dev/null
+++ b/net/samba32/files/CVE-2010-2063_samba-3.3.patch
@@ -0,0 +1,37 @@
+diff --git a/source/smbd/process.c b/source/smbd/process.c
+index 446b868..403c7c6 100644
+--- smbd/process.c
++++ smbd/process.c
+@@ -1645,6 +1645,7 @@ void construct_reply_common(const char *inbuf, char *outbuf)
+ void chain_reply(struct smb_request *req)
+ {
+ static char *orig_inbuf;
++ static int orig_size;
+
+ /*
+ * Dirty little const_discard: We mess with req->inbuf, which is
+@@ -1679,13 +1680,24 @@ void chain_reply(struct smb_request *req)
+ if (chain_size == 0) {
+ /* this is the first part of the chain */
+ orig_inbuf = inbuf;
++ orig_size = size;
+ }
+
++ /* Validate smb_off2 */
++ if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
++ exit_server_cleanly("Bad chained packet");
++ return;
++ }
+ /*
+ * We need to save the output the caller added to the chain so that we
+ * can splice it into the final output buffer later.
+ */
+
++ if (outsize <= smb_wct) {
++ exit_server_cleanly("Bad chained packet");
++ return;
++ }
++
+ caller_outputlen = outsize - smb_wct;
+
+ caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);
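Review bot: Both new rejection paths in chain_reply call `exit_server_cleanly("Bad chained packet")` with the same text, so a log entry cannot tell an out-of-range smb_off2 from an outsize that does not exceed smb_wct. Distinct reasons, for example `exit_server_cleanly("Bad chained packet: smb_off2 out of range")` for the first check, would make triage of rejected requests easier. The `/* Validate smb_off2 */` comment could also state that `smb_off2 + 4 - smb_wct` is compared with the size saved from the first request of the chain, since orig_size is static and only assigned when chain_size is 0. The check bounds where the chained request starts; whether enough bytes remain after that offset is decided in the part of chain_reply that lies outside this patch.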