path: root/source/libsmb
Commit message | Author | Age | Files | Lines
* Fix denial of service - memory corruption. | Karolin Seeger | 2011-02-27 | 1 | -0/+5
  CVE-2011-0719
  Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
  All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
  A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection).
  Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
* Fix bug #7669. | Jeremy Allison | 2010-09-09 | 1 | -1/+3
  Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in Samba4).
  CVE-2010-3069:
  ===========
  Description
  ===========
  All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
  A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection).
* Fix off-by-one error in working out the limit of the NetServerEnum comment. | Jeremy Allison | 2010-02-24 | 1 | -1/+1
  Jeremy.
  (cherry picked from commit 9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 8cac1af47cad9d40b0ab86cda3674f4420507008)
* s3:libsmb: fix NetServerEnum3 rap calls. | Stefan Metzmacher | 2010-02-24 | 1 | -5/+19
  metze
  (cherry picked from commit 9b5198dd443a00fdad4faa1f9cdabedd81012d93)
  (cherry picked from commit 98399a69d6fc3d30c899588c8846ce19ef974fa3)
* s3:libsmb: don't reuse the callers stype variable in cli_NetServerEnum() | Stefan Metzmacher | 2010-02-24 | 1 | -2/+3
  When we need to do more than one network operation to get the browse list we need to use the same 'stype' value each time.
  metze
  (cherry picked from commit c2e4746fa9d68e7601e8e90cc0144d2e65a695b6)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Fix bug #7098 (smbclient -L gives wrong results with a large browse list).
  (cherry picked from commit f6484f7febd853122d4b91e52ee896d70686d9d2)
* s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server | Volker Lendecke | 2010-02-24 | 1 | -1/+1
  A user has sent me a sniff where the OpenSolaris CIFS server returns "32" in totalentries, but the array in ctr only contains 15 entries. Look at the right delimiter for walking the array.
  Fix bug #7046 (libsmbclient crash against OpenSolaris CIFS server).
  (cherry picked from commit 1d611028433db18e96d946b206a8eed1048f9b26)
* Fix bug 7045 - Bad (non memory copying) interfaces in smbc_setXXXX calls. | Jeremy Allison | 2010-02-24 | 2 | -10/+31
  In smbc_free_context libsmbclient just called free() on the string options so it assumes the callers have malloced them before setting them via smbc_set calls.
  Change to correctly malloc/free string options to the library. Protect against SMB_STRDUP of null.
  Contains 2d41b1ab78639abe4ae030ff482573f464564dd7 and f85b6ee90b88c7f7b2a92c8a5f3e2ebe59c1087b from master.
  Jeremy
  (cherry picked from commit edc44312f76e14e94c56e70cf7bb49139f9f081e)
* s3-libsmbclient: Fix crash bug in SMBC_parse_path(). | Günther Deschner | 2010-02-24 | 1 | -1/+1
  Patch from Tim Waugh <twaugh@redhat.com>.
  This resolves https://bugzilla.redhat.com/show_bug.cgi?id=552658
  LIBSMBCLIENT-OPENDIR torture test checks this as well.
  Guenther
  Fix bug #7043 (SIGSEGV in "SMBC_parse_path").
  (cherry picked from commit 07263901632bb98851d86dc0ba1d2dc22735c020)
* s3: Fix a segfault in "net" version 3.3 | Volker Lendecke | 2010-01-13 | 1 | -1/+1
  When neither LOGNAME nor -U is set, "net" and probably other client utils segfault. Reported by "vinnix" on irc.
  Volker
  Fix bug #6973 (segfault in client tools).
  (cherry picked from commit 6aa17a7b82333de674274045f574bf6c0ce72638)
* s3-kerberos: add a missing reference to authdata headers. | Günther Deschner | 2010-01-13 | 1 | -0/+1
  Guenther
  (cherry picked from commit da79cbb0800dd647be864e8bbb5fe1132708174b)
  (cherry picked from commit 9acd2394edf2504df23d0ce93f4bafc88c83323b)
* s3-kerberos: only use krb5 headers where required. | Günther Deschner | 2010-01-13 | 2 | -3/+2
  This seems to be the only way to deal with mixed heimdal/MIT setups during merged build.
  Guenther
  (cherry picked from commit 60262369fc2ae19f6d9263e35b5db9b09b603a1b)
* s3-kerberos: Fix Bug #6929: build with recent heimdal. | Günther Deschner | 2010-01-13 | 1 | -1/+1
  Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier for activation) in new releases (like 1.3.1).
  Guenther
  (cherry picked from commit 1a8f8382740e352a83133b8c49aaedd4716210cd)
  (cherry picked from commit a6572bb03fcd323ce03b22ccd713181235f3b0e6)
* s3-kerberos: add smb_krb5_principal_get_realm(). | Günther Deschner | 2010-01-13 | 1 | -0/+25
  Guenther
  (cherry picked from commit bddafc6de8e37e014d7f074b6107dda6f76ebdc5)
* clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry. | Jelmer Vernooij | 2010-01-13 | 1 | -3/+8
  Both functions exist in MIT Kerberos >= 1.7, but only krb5_free_keytab_entry_contents has a prototype.
  Part of a fix for bug #6918 (Build breaks with krb5-client-1.7-6.1.i586).
  (cherry picked from commit f7f183aba2c53426620bab7e934ce79b516dc4fc)
* s3: fixed krb5 build problem on ubuntu karmic | Andrew Tridgell | 2010-01-13 | 1 | -0/+9
  Karmic has MIT krb5 1.7-beta3, which has the symbol krb5_auth_con_set_req_cksumtype but no prototype for it.
  See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
  (cherry picked from commit a6e4cb500b4162cae1d906a1762507370b4ee89e)
  Part of a fix for bug #6918.
  (cherry picked from commit fbaed41c8f583f633673aca2f600c517744d28b5)
* Fix bug 6880 - cannot list workgroup servers reported by Alban Browaeys <prahal@yahoo.com> with fix. | Jeremy Allison | 2010-01-13 | 1 | -5/+14
  Revert 2e989bab0764c298a2530a2d4c8690258eba210c with extra comments - this broke workgroup enumeration.
  Jeremy.
  (cherry picked from commit ed99189208b65bcc1a108c4f1a60c0535e75022c)
* Fix bug 6829 - smbclient does not show special characters properly. All successful calls to cli_session_setup() *must* be followed by calls to cli_init_creds() to stash the credentials we successfully connected with. | Jeremy Allison | 2010-01-13 | 2 | -0/+5
  There were 2 codepaths where this was missing. This caused smbclient to be unable to open the \srvsvc pipe to do an RPC netserverenum, and cause it to fall back to a RAP netserverenum, which uses DOS codepage conversion rather than the full UCS2 of RPC, so the returned characters were not correct (unless the DOS codepage was set correctly).
  Phew. That was fun to track down :-). Includes logic simplification in libsmb_server.c
  Jeremy.
  (cherry picked from commit bbeda1398687b79596769a5d046e1e0f249bd382)
* s3:smbclient: Fix bug 6606 (reported as 6744) in 3.3 | Volker Lendecke | 2009-10-12 | 1 | -20/+168
  This is a port of 1f34ffa0ca and 24309bdb2efc to 3.3.
  Fix file corruption using smbclient with NT4 server.
  (cherry picked from commit b0fdc578fb10062c36ce2df18ab37cab57a89692)
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp and cli_rpc_pipe_open_ntlmssp. | Günther Deschner | 2009-10-08 | 1 | -0/+1
  Guenther
  (cherry picked from commit 41158d10cdad5b923d0bfa608f73c0daf8ccd352)
* Second part of a fix for bug #6235. | Jeremy Allison | 2009-10-07 | 1 | -1/+1
  Domain enumeration breaks if master browser has space in name.
  (cherry picked from commit d984b39d971b7fc8f66e6c5376a2b7a98dfc20d8)
* Fix bug #6532. | Derrell Lipman | 2009-10-07 | 1 | -1/+2
  Domain enumeration breaks if master browser has space in name.
  (cherry picked from commit e3601a43421cc51b2b4b6413f547daf6ea9b0b41)
* s3/getdcname: Fix 'net' crash. | Kumar Thangavelu | 2009-10-07 | 1 | -2/+2
  'net' command crashed when attempting to join a domain. This occurred in a very specific case where the DC had multiple IPs and one of the IPs was invalid.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Fixes bug #6420.
  (cherry picked from commit 30cca93674d0dad15ad0ccfaf0d81f94d7d17b4a)
* s3:libsmb: Correctly chew keepalive packets | Volker Lendecke | 2009-10-07 | 1 | -0/+6
  Thanks a *lot* to Günther to send me the relevant traces!
  Volker
  Signed-off-by: Günther Deschner <gd@samba.org>
  Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was: [Samba] Crazied NTLM_AUTH on samba 3.4.0)).
  (cherry picked from commit 28674fcda7aaf839fdf5704e4133a0bd3a3f93a2)
* s3: Unable to browse DFS when using kerberos in libsmbclient | Bo Yang | 2009-10-07 | 1 | -4/+13
  Signed-off-by: Bo Yang <boyang@samba.org>
  Fixes bug #6615.
  (cherry picked from commit 40da23b6a7dc7acfbdf76a6808b7e50c6c39093e)
* s3/libsmb: Fix typo in error message. | Karolin Seeger | 2009-07-27 | 1 | -1/+1
  Thanks to Herb Lewis <hlewis [at] panasas.com> for noticing!
  Karolin
  (cherry picked from commit 095f66b0ed74d4b5c7561ca05bbfdf33f60d0600)
  (cherry picked from commit eb3889c8b745023bfd7956bfcd961adbe78b6cea)
* s3/libsmb: Fix debug message. | Karolin Seeger | 2009-06-15 | 1 | -1/+1
  This fixes bug #6472.
  Karolin
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Was commit f92269a6 in master.
  (cherry picked from commit 7108ebb87902f3b5d2c43ba95d557278ad8e120f)
* s3-credentials: protect netlogon_creds_server_step() against NULL creds. | Guenther Deschner | 2009-06-10 | 1 | -0/+4
  Found by SCHANNEL torture tests.
  Guenther
  (cherry picked from commit 339b99e31577d8a522711f84bc7d94e88c75d334)
* When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. | Jeremy Allison | 2009-04-17 | 1 | -1/+1
  Jeremy.
  (cherry picked from commit d7b0894c8d025ceda4b7208e134e591bc4953400)
* error-codes: add some service related error codes. | Günther Deschner | 2009-04-17 | 1 | -0/+3
  Guenther
  (cherry picked from commit a46f334c73683276984727a7306b18d2d2a8e222)
* [Bug 6228] SMBC_open_ctx failure due to path resolve failure doesn't set errno | Derrell Lipman | 2009-03-31 | 3 | -1/+15
  Fixed. It turns out there were a number of places where cli_resolve_path() was called and the error path upon that function failing did not set errno. There were a couple of places the failure handling code did set errno to ENOENT, so I made them all consistent, although I think better errno choices for this condition exist, e.g. EHOSTUNREACH.
  Derrell
  (cherry picked from commit d72271908e0d67eb31fbc1d818d6f2c720bd7fbb)
* s3: parse_packet can return NULL which is then dereferenced in match_mailslot_name | Tim Prouty | 2009-03-27 | 1 | -0/+4
  (cherry picked from commit e452955c077a761cbadd27bede8d6844edbb2e5e)
* Fix two memleaks in the encryption code | Volker Lendecke | 2009-03-27 | 1 | -1/+2
  ntlmssp_seal_packet creates its own signature data blob, which we then have to free.
  Jeremy, please check and merge appropriately (Yes, I'm asking you to do the janitor work, I want you to *look* at this :-))
  Volker
  (cherry picked from commit 4d0cfb46e449e85646e05df2c4efe7dffa670edd)
* s3:dsgetdcname: use parentheses in if condition to make negation clear | Björn Jacke | 2009-03-27 | 1 | -1/+1
  Signed-off-by: Günther Deschner <gd@samba.org>
  (cherry picked from commit 87b428e424e2e3cca975ecd0efed327e72950a1d)
  (cherry picked from commit deba6c883965f99bf70744a5a4fb8124a73910fd)
* s3-krb5: Fix Coverity #722 (RESOURCE_LEAK). | Günther Deschner | 2009-03-27 | 1 | -12/+18
  Guenther
  (cherry picked from commit 1524abd8bf12d82e1fb0063585fc9a465fc7bf9c)
  (cherry picked from commit 3517388b5d5439ffe3f9629aaf826fa1dfbb4ba7)
* s3:libsmb: fix smb signing for fragmented trans/trans2/nttrans requests | Stefan Metzmacher | 2009-03-27 | 1 | -23/+7
  Before we send the secondary requests we need to remove the old mid=>seqnum mapping and reset cli->mid and make the new mid=>seqnum mapping "persistent".
  The bug we had in cli_send_trans was this: The first cli_send_smb() incremented cli->mid and the secondary requests used the incremented mid, but as cli->outbuf still had the correct mid, we send the correct mid to the server. The real problem was that the cli_send_smb() function stored the seqnum under the wrong mid.
  cli_send_nttrans() was totally broken and now follows the same logic as cli_send_trans().
  The good thing is that in practice the problem is unlikely to happen, because max_xmit is large enough to avoid secondary requests.
  metze
  (cherry picked from commit 880fbc4e8cd67de73c4bcda94489eb1e1422a04b)
  (cherry picked from commit 70466990b4b7c68ae95dbbcf741cd3f41f2dd0b3)
  (cherry picked from commit d01cca5e3ddb925696d49a1ea728013ec1032372)
* Allow DFS client paths to work when POSIX pathnames have been | Jeremy Allison | 2009-03-27 | 1 | -2/+12
  selected (we need to path in pathname /that/look/like/this).
  Jeremy.
  (cherry picked from commit bf1474aee37976f0d7e3cece8f39b0046ee54209)
* Fix a malloc/talloc mismatch when cli_initialise() fails | Volker Lendecke | 2009-03-27 | 1 | -1/+1
  (cherry picked from commit 3751ea72f225e370c52b842f258a828ff4a596fd)
* s3:signing: the seqnum should only be decremented by 1 for ntcancel requests | Stefan Metzmacher | 2009-03-11 | 1 | -2/+4
  [MS-SMB] 3.3.5.1 Receiving Any Message says that the seqnum is incremented by only for ntcancel requests for any other request it's incremented by 2, even if it doesn't expect a response.
  metze
  (cherry picked from commit 0999366b6b36f3084870af0375d686b0cbaae698)
* Fix bug 6124: Attempt to fix the build on IRIX | Volker Lendecke | 2009-03-06 | 1 | -1/+1
  Under irix, "sa_family" is a #define to sa_union.sa_generic.sa_family2
  (cherry picked from commit 7fea973c6a204f422d92c2abf1d40d3558808696)
* Make char* parameters const | Derrell Lipman | 2009-03-06 | 1 | -16/+6
  - Use const in function signatures whenever appropriate, to help prevent errant scribbling on users' buffers. smbc_set_credentials() always acted as if its formal parameters were const char *, and changing the formal declaration to specify that should not cause any change to the ABI. It is still allowable to pass a writable buffer to a function which specifies that it will not write to the buffer.
  Derrell
  (cherry picked from commit 53fea3a7aef481151c3a15d01481cb0f11ae2e8b)
* More warning fixes for Solaris. | Jeremy Allison | 2009-02-24 | 1 | -1/+1
  Jeremy.
  (cherry picked from commit aea38950ff4865f1d791cd19619fadcd59eaf480)
* Change smbc_set_credentials_with_fallback() (unreleased) to use | Jeremy Allison | 2009-02-23 | 1 | -7/+14
  const appropriately.
  Jeremy.
  (cherry picked from commit 07c7085f25718915cda07e38a87a008a72abbf4f)
* variable grouping: just my OCD desire to keep similar things together | Derrell Lipman | 2009-02-23 | 1 | -5/+7
  (cherry picked from commit f84fd046fcff6c3310ef595fb3e4cbe774703d2a)
* Make libsmbclient work with DFS | Bo Yang | 2009-02-23 | 6 | -6/+96
  Signed-off-by: Derrell Lipman <derrell.lipman@unwireduniverse.com>
  (cherry picked from commit 8457e7bba4ef2ba479340829bb89a3a8772f958b)
* Gah, typo :-(. Sorry. | Jeremy Allison | 2009-02-19 | 1 | -1/+1
  (cherry picked from commit 88041d92ae2a619d5b4d4ad010ef7366b5c05c3f)
* Fix coverity CID-602. Possible use of uninitialized var. | Jeremy Allison | 2009-02-19 | 1 | -1/+1
  Jeremy.
  (cherry picked from commit 43db14008eb660f1b1f21e1ff6dd2d340d1106ab)
* Don't miss an absolute pathname as a kerberos keytab path. From Glenn Machin <gmachin@sandia.gov>. | Jeremy Allison | 2009-02-18 | 1 | -0/+5
  Jeremy.
  (cherry picked from commit 8fd6dbcd5a61c48953974bf1880375b9dd1c88d6)
* remove accidental white space | Derrell Lipman | 2009-02-16 | 1 | -1/+0
  (cherry picked from commit 82e392f6b24518d40ea65dbdf044d8ba94e77ae2)
* Get rid of the warnings I had for testing | Derrell Lipman | 2009-02-16 | 1 | -5/+0
  (cherry picked from commit f38c50b13f3ad916db884611ad4199198f6cade2)
* It seems some systems use f_flags instead of f_flag. Use the appropriate one. | Derrell Lipman | 2009-02-16 | 1 | -4/+20
  (cherry picked from commit 3b12ab74252c850348c2d15adf930aa01e0652ff)