parent
4f1c05aa22
commit
849223fbb7
|
@ -0,0 +1,61 @@
|
|||
From efc2e996e3348392f1fd5c0ec7feae4f869fb8f9 Mon Sep 17 00:00:00 2001
|
||||
From: Jeff Layton <jlayton@redhat.com>
|
||||
Date: Tue, 16 Feb 2010 09:16:42 -0500
|
||||
Subject: [PATCH] cifs.upcall: allocate a talloc context for smb_krb5_unparse_name
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
cifs.upcall calls smb_krb5_unparse_name with a NULL talloc context.
|
||||
Older versions of this function though will conditionally use
|
||||
SMB_REALLOC instead of TALLOC_REALLOC when a NULL context is passed
|
||||
in. To make it more consistent, just spawn a talloc context that
|
||||
we can pass into this function.
|
||||
|
||||
Resolves:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=565446
|
||||
https://bugzilla.samba.org/show_bug.cgi?id=6868
|
||||
|
||||
Reported-by: Ludek Finstrle <luf@seznam.cz>
|
||||
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
||||
Signed-off-by: Günther Deschner <gd@samba.org>
|
||||
(cherry picked from commit a8cc2fa09ed43a167f62711bef363a5ac335dc78)
|
||||
---
|
||||
source3/client/cifs.upcall.c | 5 ++++-
|
||||
1 files changed, 4 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c
|
||||
index 1617e0e..d573e76 100644
|
||||
--- a/source3/client/cifs.upcall.c
|
||||
+++ b/source3/client/cifs.upcall.c
|
||||
@@ -55,6 +55,7 @@ get_tgt_time(const char *ccname) {
|
||||
krb5_principal principal;
|
||||
time_t credtime = 0;
|
||||
char *realm = NULL;
|
||||
+ TALLOC_CTX *mem_ctx;
|
||||
|
||||
if (krb5_init_context(&context)) {
|
||||
syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__);
|
||||
@@ -86,9 +87,10 @@ get_tgt_time(const char *ccname) {
|
||||
goto err_ccstart;
|
||||
}
|
||||
|
||||
+ mem_ctx = talloc_init("cifs.upcall");
|
||||
while (!credtime && !krb5_cc_next_cred(context, ccache, &cur, &creds)) {
|
||||
char *name;
|
||||
- if (smb_krb5_unparse_name(NULL, context, creds.server, &name)) {
|
||||
+ if (smb_krb5_unparse_name(mem_ctx, context, creds.server, &name)) {
|
||||
syslog(LOG_DEBUG, "%s: unable to unparse name", __func__);
|
||||
goto err_endseq;
|
||||
}
|
||||
@@ -101,6 +103,7 @@ get_tgt_time(const char *ccname) {
|
||||
TALLOC_FREE(name);
|
||||
}
|
||||
err_endseq:
|
||||
+ TALLOC_FREE(mem_ctx);
|
||||
krb5_cc_end_seq_get(context, ccache, &cur);
|
||||
err_ccstart:
|
||||
krb5_free_principal(context, principal);
|
||||
--
|
||||
1.6.6
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
%define main_release 55
|
||||
%define main_release 56
|
||||
%define samba_version 3.4.5
|
||||
%define tdb_version 1.1.3
|
||||
%define talloc_version 1.3.0
|
||||
|
@ -47,6 +47,7 @@ Patch107: samba-3.2.0pre1-grouppwd.patch
|
|||
Patch200: samba-3.2.5-inotify.patch
|
||||
Patch201: samba-3.4.5-pdbedit.patch
|
||||
Patch202: samba-3.4.5-CVE-2009-3297-mount_cifs.patch
|
||||
Patch203: samba-3.4.5-cifs_upcall.patch
|
||||
|
||||
Requires(pre): samba-common = %{epoch}:%{samba_version}-%{release}
|
||||
Requires: pam >= 0:0.64
|
||||
|
@ -206,6 +207,7 @@ cp %{SOURCE11} packaging/Fedora/
|
|||
%patch200 -p0 -b .inotify
|
||||
%patch201 -p1 -b .pdbedit
|
||||
%patch202 -p1 -b .CVE-2009-3297-mount_cifs
|
||||
%patch203 -p1 -b .cifs_upcall
|
||||
|
||||
mv %samba_source/VERSION %samba_source/VERSION.orig
|
||||
sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < %samba_source/VERSION.orig > %samba_source/VERSION
|
||||
|
@ -658,6 +660,10 @@ exit 0
|
|||
%{_datadir}/pixmaps/samba/logo-small.png
|
||||
|
||||
%changelog
|
||||
* Wed Feb 17 2010 Guenther Deschner <gdeschner@redhat.com> - 3.4.5-56
|
||||
- Fix crash in cifs.upcall
|
||||
- resolves: #565446
|
||||
|
||||
* Wed Jan 26 2010 Guenther Deschner <gdeschner@redhat.com> - 3.4.5-55
|
||||
- Security Release, fixes CVE-2009-3297
|
||||
- resolves: #532940
|
||||
|
|
Loading…
Reference in New Issue