Changeset 340 for branches/samba-3.2.x/source

Timestamp:

Oct 8, 2009, 8:16:40 AM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update 3.2 to 3.2.15 (security update)

Location:

branches/samba-3.2.x/source

Files:

• VERSION (modified) (1 diff)
• client/mount.cifs.c (modified) (7 diffs)
• include/smb.h (modified) (1 diff)
• include/version.h (modified) (1 diff)
• param/loadparm.c (modified) (2 diffs)
• smbd/process.c (modified) (8 diffs)
• smbd/service.c (modified) (2 diffs)

branches/samba-3.2.x/source/VERSION

@@ -26 +26 @@
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=14
+SAMBA_VERSION_RELEASE=15
 
 ########################################################

branches/samba-3.2.x/source/client/mount.cifs.c

@@ -200 +200 @@
         FILE * fs;
         int i, length;
+
+        i = access(file_name, R_OK);
+        if (i)
+                return i;
+
         fs = fopen(file_name,"r");
         if(fs == NULL)
@@ -322 +327 @@
 
         if(filename != NULL) {
+                rc = access(filename, R_OK);
+                if (rc) {
+                        fprintf(stderr, "mount.cifs failed: access check of %s failed: %s\n",
+                                        filename, strerror(errno));
+                        exit(EX_SYSERR);
+                }
                 file_descript = open(filename, O_RDONLY);
                 if(file_descript < 0) {
@@ -380 +391 @@
                 return 1;
         data = *optionsp;
-
-        if(verboseflag)
-                printf("parsing options: %s\n", data);
 
         /* BB fixme check for separator override BB */
@@ -472 +480 @@
                         if (!value || !*value) {
                                 if(got_password) {
-                                        printf("\npassword specified twice, ignoring second\n");
+                                        fprintf(stderr, "\npassword specified twice, ignoring second\n");
                                 } else
                                         got_password = 1;
-                        } else if (strnlen(value, 17) < 17) {
-                                if(got_password)
-                                        printf("\nmount.cifs warning - password specified twice\n");
-                                got_password = 1;
+                        } else if (strnlen(value, MOUNT_PASSWD_SIZE) < MOUNT_PASSWD_SIZE) {
+                                if (got_password) {
+                                        fprintf(stderr, "\nmount.cifs warning - password specified twice\n");
+                                } else {
+                                        mountpassword = strndup(value, MOUNT_PASSWD_SIZE);
+                                        if (!mountpassword) {
+                                                fprintf(stderr, "mount.cifs error: %s", strerror(ENOMEM));
+                                                SAFE_FREE(out);
+                                                return 1;
+                                        }
+                                        got_password = 1;
+                                }
                         } else {
-                                printf("password too long\n");
+                                fprintf(stderr, "password too long\n");
                                 SAFE_FREE(out);
                                 return 1;
                         }
+                        goto nocopy;
                 } else if (strncmp(data, "sec", 3) == 0) {
                         if (value) {
@@ -1371 +1388 @@
                 }
         }
-        if(mountpassword) {
-                /* Commas have to be doubled, or else they will
-                look like the parameter separator */
-/*              if(sep is not set)*/
-                if(retry == 0)
-                        check_for_comma(&mountpassword);
-                strlcat(options,",pass=",options_size);
-                strlcat(options,mountpassword,options_size);
-        }
 
         strlcat(options,",ver=",options_size);
@@ -1392 +1400 @@
                 strlcat(options,prefixpath,options_size); /* no need to cat the / */
         }
-        if(verboseflag)
-                printf("\nmount.cifs kernel mount options %s \n",options);
 
         /* convert all '\\' to '/' in share portion so that /proc/mounts looks pretty */
@@ -1424 +1430 @@
                 }
         }
+
+        if(verboseflag)
+                fprintf(stderr, "\nmount.cifs kernel mount options: %s", options);
+
+        if (mountpassword) {
+                /*
+                 * Commas have to be doubled, or else they will
+                 * look like the parameter separator
+                 */
+                if(retry == 0)
+                        check_for_comma(&mountpassword);
+                strlcat(options,",pass=",options_size);
+                strlcat(options,mountpassword,options_size);
+                if (verboseflag)
+                        fprintf(stderr, ",pass=********");
+        }
+
+        if (verboseflag)
+                fprintf(stderr, "\n");
 
         if (!fakemnt && mount(dev_name, mountpoint, "cifs", flags, options)) {

branches/samba-3.2.x/source/include/smb.h

@@ -760 +760 @@
         struct timeval end_time; /* When does this time out? */
         bool encrypted;
+        bool processed;
         DATA_BLOB buf;
         DATA_BLOB private_data;

branches/samba-3.2.x/source/include/version.h

@@ -2 +2 @@
 #define SAMBA_VERSION_MAJOR 3
 #define SAMBA_VERSION_MINOR 2
-#define SAMBA_VERSION_RELEASE 14
-#define SAMBA_VERSION_OFFICIAL_STRING "3.2.14"
+#define SAMBA_VERSION_RELEASE 15
+#define SAMBA_VERSION_OFFICIAL_STRING "3.2.15"
 #define SAMBA_VERSION_STRING samba_version_string()

branches/samba-3.2.x/source/param/loadparm.c

@@ -5851 +5851 @@
         int i;
 
+        if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
+                        pszHomedir[0] == '\0') {
+                return false;
+        }
+
         i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
 
@@ -7801 +7806 @@
                 home = get_user_home_dir(talloc_tos(), p);
 
-                if (home && homes >= 0)
+                if (home && home[0] && homes >= 0)
                         lp_add_home(p, homes, p, home);
 

branches/samba-3.2.x/source/smbd/process.c

@@ -435 +435 @@
         msg->end_time = end_time;
         msg->encrypted = req->encrypted;
+        msg->processed = false;
 
         if (private_data) {
@@ -490 +491 @@
                         (unsigned int)msg_mid ));
                 if (mid == msg_mid) {
+
+                        if (pml->processed) {
+                                /* A processed message should not be
+                                 * rescheduled. */
+                                DEBUG(0,("schedule_deferred_open_smb_message: LOGIC ERROR "
+                                        "message mid %u was already processed\n",
+                                        (unsigned int)msg_mid ));
+                                continue;
+                        }
+
                         DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
                                 mid ));
@@ -504 +515 @@
 
 /****************************************************************************
- Return true if this mid is on the deferred queue.
+ Return true if this mid is on the deferred queue and was not yet processed.
 ****************************************************************************/
 
@@ -512 +523 @@
 
         for (pml = deferred_open_queue; pml; pml = pml->next) {
-                if (SVAL(pml->buf.data,smb_mid) == mid) {
+                if (SVAL(pml->buf.data,smb_mid) == mid && !pml->processed) {
                         return True;
                 }
@@ -779 +790 @@
                            know this is a retry. */
                         DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
+
+                        /* Mark the message as processed so this is not
+                         * re-processed in error. */
+                        msg->processed = true;
                         return NT_STATUS_OK;
                 }
@@ -1406 +1421 @@
                 if (!change_to_user(conn,session_tag)) {
                         reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
-                        remove_deferred_open_smb_message(req->mid);
                         return conn;
                 }
@@ -1471 +1485 @@
 static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
 {
+        struct pending_message_list *pml = NULL;
         uint8 type = CVAL(inbuf,smb_com);
         connection_struct *conn;
@@ -1485 +1500 @@
 
         conn = switch_message(type, req, size);
+
+        /* If this was a deferred message and it's still there and
+         * was processed, remove it. */
+        pml = get_open_deferred_message(req->mid);
+        if (pml && pml->processed) {
+                remove_deferred_open_smb_message(req->mid);
+        }
 
         if (req->unread_bytes) {

branches/samba-3.2.x/source/smbd/service.c

@@ -55 +55 @@
         const char *s = connectpath;
         bool start_of_name_component = true;
+
+        if (connectpath == NULL || connectpath[0] == '\0') {
+                return false;
+        }
 
         destname = SMB_STRDUP(connectpath);
@@ -332 +336 @@
         int iHomeService;
 
-        if (!service || !homedir)
+        if (!service || !homedir || homedir[0] == '\0')
                 return -1;