diff options
Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch')
| -rw-r--r-- | meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch new file mode 100644 index 0000000000..34526a8c8e --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch @@ -0,0 +1,57 @@ +From 449f1280b718c6da3b8e309fe124be4e9bfd8184 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Tue, 20 Jun 2023 11:35:41 +0200 +Subject: [PATCH] CVE-2023-34968: rpcclient: remove response blob allocation + +This is alreay done by NDR for us. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Reviewed-by: Stefan Metzmacher <metze@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/449f1280b718c6da3b8e309fe124be4e9bfd8184] + +CVE: CVE-2023-34968 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source3/rpcclient/cmd_spotlight.c | 16 ---------------- + 1 file changed, 16 deletions(-) + +diff --git a/source3/rpcclient/cmd_spotlight.c b/source3/rpcclient/cmd_spotlight.c +index 24db9893df6..64fe321089c 100644 +--- a/source3/rpcclient/cmd_spotlight.c ++++ b/source3/rpcclient/cmd_spotlight.c +@@ -144,13 +144,6 @@ static NTSTATUS cmd_mdssvc_fetch_properties( + } + request_blob.size = max_fragment_size; + +- response_blob.spotlight_blob = talloc_array(mem_ctx, uint8_t, max_fragment_size); +- if (response_blob.spotlight_blob == NULL) { +- status = NT_STATUS_INTERNAL_ERROR; +- goto done; +- } +- response_blob.size = max_fragment_size; +- + len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size); + if (len == -1) { + status = NT_STATUS_INTERNAL_ERROR; +@@ -368,15 +361,6 @@ static NTSTATUS cmd_mdssvc_fetch_attributes( + } + request_blob.size = max_fragment_size; + +- response_blob.spotlight_blob = talloc_array(mem_ctx, +- uint8_t, +- max_fragment_size); +- if (response_blob.spotlight_blob == NULL) { +- status = NT_STATUS_INTERNAL_ERROR; +- goto done; +- } +- response_blob.size = max_fragment_size; +- + len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size); + if (len == -1) { + status = NT_STATUS_INTERNAL_ERROR; +-- +2.40.0 |