From 9c012d9aafdd3870e5cbd5795da7749d433f9a34 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Wed, 14 Oct 2020 15:04:07 +0800 Subject: samba: upgrade 4.10.17 -> 4.10.18 This is security release in order to address CVE-2020-1472 (Unauthenticated domain takeover via netlogon ("ZeroLogon")). See: https://www.samba.org/samba/history/samba-4.10.18.html Also remove 3 backported patches. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj (cherry picked from commit bebdea8530652ff698885a3f55b0a650de319379) Signed-off-by: Armin Kuster --- .../0001-util-Simplify-input-validation.patch | 59 ---------------------- 1 file changed, 59 deletions(-) delete mode 100644 meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch (limited to 'meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch') diff --git a/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch b/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch deleted file mode 100644 index e724c04bcd..0000000000 --- a/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From f9d9ba6cd06aca053c747c399ba700db80b1623c Mon Sep 17 00:00:00 2001 -From: Martin Schwenke -Date: Tue, 9 Jun 2020 11:52:50 +1000 -Subject: [PATCH 1/3] util: Simplify input validation - -It appears that snprintf(3) is being used for input validation. -However, this seems like overkill because it causes szPath to be -copied an extra time. The mostly likely protections being sought -here, according to https://cwe.mitre.org/data/definitions/20.html, -look to be DoS attacks involving CPU and memory usage. A simpler -check that uses strnlen(3) can mitigate against both of these and is -simpler. - -Signed-off-by: Martin Schwenke -Reviewed-by: Volker Lendecke -Reviewed-by: Bjoern Jacke -(cherry picked from commit 922bce2668994dd2a5988c17060f977e9bb0c229) - -Upstream-Status:Backport -[https://gitlab.com/samba-team/samba/-/commit/f9d9ba6cd06aca053c747c399ba700db80b1623c] - -Signed-off-by: Yi Zhao ---- - lib/util/util_paths.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c -index c0ee5c32c30..dec91772d9e 100644 ---- a/lib/util/util_paths.c -+++ b/lib/util/util_paths.c -@@ -69,21 +69,20 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx) - struct passwd pwd = {0}; - struct passwd *pwdbuf = NULL; - char buf[NSS_BUFLEN_PASSWD] = {0}; -+ size_t len; - int rc; - - rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf); - if (rc != 0 || pwdbuf == NULL ) { -- int len_written; - const char *szPath = getenv("HOME"); - if (szPath == NULL) { - return NULL; - } -- len_written = snprintf(buf, sizeof(buf), "%s", szPath); -- if (len_written >= sizeof(buf) || len_written < 0) { -- /* Output was truncated or an error. */ -+ len = strnlen(szPath, PATH_MAX); -+ if (len >= PATH_MAX) { - return NULL; - } -- return talloc_strdup(mem_ctx, buf); -+ return talloc_strdup(mem_ctx, szPath); - } - - return talloc_strdup(mem_ctx, pwd.pw_dir); --- -2.17.1 - -- cgit 1.2.3-korg
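Review bot: The deletion of 0001-util-Simplify-input-validation.patch is justified in the commit message only by "Also remove 3 backported patches", which neither names the patches nor states that 4.10.18 already carries them. The deleted file's Upstream-Status header points at samba commit f9d9ba6cd06aca053c747c399ba700db80b1623c (cherry picked from 922bce2668994dd2a5988c17060f977e9bb0c229). Please confirm that the `len = strnlen(szPath, PATH_MAX);` check in get_user_home_dir() in lib/util/util_paths.c is present in the 4.10.18 source, and record that in the message alongside the three file names. This view is limited to the one deleted file, so also verify that the matching SRC_URI entry in the samba recipe is dropped in the same commit, since a leftover file:// entry for a deleted patch breaks the fetch.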