aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch')
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch85
1 files changed, 85 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch
new file mode 100644
index 0000000000..785908b528
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch
@@ -0,0 +1,85 @@
+From 0ae6084d1a9c4eb12e9f1ab1902e00f96bcbea55 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Mon, 19 Jun 2023 18:28:41 +0200
+Subject: [PATCH] CVE-2023-34968: mdscli: remove response blob allocation
+
+This is handled by the NDR code transparently.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/rpc_client/cli_mdssvc.c | 36 ---------------------------------
+ 1 file changed, 36 deletions(-)
+
+diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c
+index 046d37135cb..474d7c0b150 100644
+--- a/source3/rpc_client/cli_mdssvc.c
++++ b/source3/rpc_client/cli_mdssvc.c
+@@ -276,15 +276,6 @@ struct tevent_req *mdscli_search_send(TALLOC_CTX *mem_ctx,
+ return tevent_req_post(req, ev);
+ }
+
+- state->response_blob.spotlight_blob = talloc_array(
+- state,
+- uint8_t,
+- mdscli_ctx->max_fragment_size);
+- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+- return tevent_req_post(req, ev);
+- }
+- state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+ subreq = dcerpc_mdssvc_cmd_send(state,
+ ev,
+ mdscli_ctx->bh,
+@@ -457,15 +448,6 @@ struct tevent_req *mdscli_get_results_send(
+ return tevent_req_post(req, ev);
+ }
+
+- state->response_blob.spotlight_blob = talloc_array(
+- state,
+- uint8_t,
+- mdscli_ctx->max_fragment_size);
+- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+- return tevent_req_post(req, ev);
+- }
+- state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+ subreq = dcerpc_mdssvc_cmd_send(state,
+ ev,
+ mdscli_ctx->bh,
+@@ -681,15 +663,6 @@ struct tevent_req *mdscli_get_path_send(TALLOC_CTX *mem_ctx,
+ return tevent_req_post(req, ev);
+ }
+
+- state->response_blob.spotlight_blob = talloc_array(
+- state,
+- uint8_t,
+- mdscli_ctx->max_fragment_size);
+- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+- return tevent_req_post(req, ev);
+- }
+- state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+ subreq = dcerpc_mdssvc_cmd_send(state,
+ ev,
+ mdscli_ctx->bh,
+@@ -852,15 +825,6 @@ struct tevent_req *mdscli_close_search_send(TALLOC_CTX *mem_ctx,
+ return tevent_req_post(req, ev);
+ }
+
+- state->response_blob.spotlight_blob = talloc_array(
+- state,
+- uint8_t,
+- mdscli_ctx->max_fragment_size);
+- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
+- return tevent_req_post(req, ev);
+- }
+- state->response_blob.size = mdscli_ctx->max_fragment_size;
+-
+ subreq = dcerpc_mdssvc_cmd_send(state,
+ ev,
+ mdscli_ctx->bh,
+--
+2.40.0
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-01 10:14:48 +0000