| Commit message (Collapse) | Author | Age | Files | Lines |
| |
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
Fix bug #8362 (build issue on old glibc systems).
| |
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
| |
Karolin
(cherry picked from commit 0fb8c85001ee0657be20aae81716d9c309420652)
| |
Karolin
(cherry picked from commit a646b2e5ad0e19f8506bff3ff8b0ce2e3bcbf061)
| |
Thanks to Simo for reporting!
Karolin
(cherry picked from commit f571f362deaa5bfbdb22c3a7d8409bab9b6c8d82)
| |
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
(cherry picked from commit 3973cfa50024983618a44ffdb9f756b642b85be7)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 11e281228f334bf3d384df5655136f0b4b4068aa)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 407ae61fbfc8ee1643a4db8ea9b104f031b32e0f)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 4850456845d2da5e3451716a5ad4ca0ef034e01f)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit ef457a20422cfa8231e25b539d2cd87f299686b9)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 8fb3064eeaa3640af6c8b91aa5859d8bfb6d0888)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit eb22fd73060534700d514ec295985549131c7569)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 94f8482607a175c44436fae456fbda3624629982)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit ba996f0ae87f6bf4f19a4918e44dbd6d44a96561)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 3f38cf42facc38c19e0448cbae3078b9606b08e4)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 3806fec53dcf3b6e5c3fd71917f9d67d47c65e32)
| |
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit b610e0cee563465c6b970647b215f8ae4d0c6599)
| |
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
CVE-2011-2694.
(cherry picked from commit d401ccaedaec09ad6900ec24ecaf205bed3e3ac1)
| |
Karolin
(cherry picked from commit 5d2d4fbf5bcf6aa1c1d994adaed22dec3ba09b9c)
| |
Karolin
(cherry picked from commit ad64256e19bef0b4441bc660faf524150e12bdf8)
| |
(bug #8276)
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open)
(commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the behavior,
so that we skipped some sockets.
This should work for v3-3-test.
metze
| |
Karolin
(cherry picked from commit 074ad65a4b429c7671043e062bec4d9f53df53bf)
| |
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
(cherry picked from commit 724e44eed299c618066dec411530aa9f156119ec)
| |
Karolin
(cherry picked from commit 23ec2b1a988fff922864a03b6061c6bc2e584ce0)
| |
Karolin
(cherry picked from commit cdb6f49d577fa5b24d294a50780604c89912c012)
| |
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
(cherry picked from commit df1c76e2275068d1006e82a4a21d42b58175268b)
| |
Karolin
(cherry picked from commit da9325d02038b5e65873593dece510fa09851772)
| |
Karolin
(cherry picked from commit 293a8676ee72a635096ff1a1b167ecf6fa525276)
| |
Karolin
(cherry picked from commit d07d8701d9a49609d0291b599816a0670d29a9f3)
| |
Karolin
(cherry picked from commit 9aa30a0bbd5eaf99fec9f6b51f859bf751e155ff)
| |
Fix bug #7494 (Buffer overrun possible in chain_reply code in 3.3.x and below.)
and address CVE-2010-2063.
(cherry picked from commit 86ab436a0da958914f99dc8b7e88b10db4692d98)
| |
to respond to a read or write."
This reverts commit 153357b9bb4d70a168c81cb9ff2da437eae823fc.
This fixes bug #7222 (All users have full rights on all shares) (CVE-2010-0728).
(cherry picked from commit 007f9c90e952aeea2d8f73cff3ccd0f747a9c06e)
| |
Karolin
(cherry picked from commit cb608fef71f9da629a1858cd1d6c8b19e27e6655)
| |
Karolin
(cherry picked from commit 689fd1bd11806f92e9f5acbc634e27f7b197ee23)
| |
Karolin
| |
Apparently the AIX compiler can't deal with sizeless array declarations
| |
This way we can end up with silently using builtin_passdb_methods
for an ad domain without an inbound trust.
This fixes bug #7170.
metze
(cherry picked from commit f924b7749280b31ece19885de1c3ad1bd71942ac)
| |
Karolin
(cherry picked from commit b78de63ef3cde53e3aabbe46654aac5a335f16a8)
(cherry picked from commit d3738dbe1cabb0ad0acf5f8c9b5e8106285ca9a1)
| |
values in subsequent SMBtrans replies)
There are two problems:
1). The server is off-by-one in the end of buffer space test.
2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0)
fields in the second and subsequent SMBtrans replies.
This patch fixes both.
Jeremy.
(similar to commit b07a14dc37d2899f662e1cf87064f99c0bd10b25)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
| |
Jeremy.
(cherry picked from commit 9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
| |
A comparison function for qsort needs to return an 'int'!
Otherwise you'll get random results depending on the compiler
and the architecture...
metze
(cherry picked from commit 1686a5e7e7eb1b411b003cbbde5c0d28741c6d02)
| |
metze
(cherry picked from commit 9b5198dd443a00fdad4faa1f9cdabedd81012d93)
| |
containing a '.'
Fix use of uninitialized variable. This can lead to crashes if
mangling = hash processes names with no '.'.
Jeremy.
(cherry picked from commit df13b1303a751962d8f7d5298b39e4a7500fef15)
| |
value(s) error when "mangling method = hash"
The charset array allocated in init_chartest() is allocated
by MALLOC, but only some elements of it are set after allocation. Fix is to
memset to zero after allocation.
Jeremy.
(cherry picked from commit a4e8210ba7d6d471cb9f17754244393b9c1e5930)
| |
Re-arrange the operations order so SMB_VFS_CONNECT is done
first as root (to allow modules to correctly initialize themselves).
Reviewed modules to check if they needed CONNECT invoked as
a user (which we previously did) and it turns out any of them
that cared needed root permissions anyway.
Jeremy.
| |
a smb.conf reload turns wide links back on after a connection is established.
Includes git refs :
cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b
94865e4dbd3d721c9855aada8c55e02be8b3881e
5d92d969dda450cc3564dd2265d2b042d832c542
02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf
a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82
from master.
Jeremy.
Fix bug #7104 ("wide links" and "unix extensions" are incompatible.)
| |
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to reflect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
| |
Fix bug #5885 (swat prints a bogus ip-address in smb.conf).
| |
Signed-off-by: Bo Yang <boyang@samba.org>
Fix bug #7106.
| |
When we need to do more than one network operation to get the
browse list we need to use the same 'stype' value each time.
metze
(cherry picked from commit c2e4746fa9d68e7601e8e90cc0144d2e65a695b6)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Fix bug #7098 (smbclient -L gives wrong results with a large browse list).