Changeset 491 for branches/samba-3.3.x/source

Timestamp:

Sep 16, 2010, 10:06:10 AM (15 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.3 to 3.3.14 (security update)

Location:

branches/samba-3.3.x/source

Files:

• VERSION (modified) (1 diff)
• lib/util_sid.c (modified) (1 diff)
• libads/ldap.c (modified) (1 diff)
• libsmb/cliquota.c (modified) (1 diff)
• smbd/nttrans.c (modified) (3 diffs)

branches/samba-3.3.x/source/VERSION

@@ -26 +26 @@
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=3
-SAMBA_VERSION_RELEASE=13
+SAMBA_VERSION_RELEASE=14
 
 ########################################################

branches/samba-3.3.x/source/lib/util_sid.c

@@ -409 +409 @@
         sid->sid_rev_num = CVAL(inbuf, 0);
         sid->num_auths = CVAL(inbuf, 1);
+        if (sid->num_auths > MAXSUBAUTHS) {
+                return false;
+        }
         memcpy(sid->id_auth, inbuf+2, 6);
         if (len < 8 + sid->num_auths*4)

branches/samba-3.3.x/source/libads/ldap.c

@@ -2140 +2140 @@
                 DOM_SID sid;
                 fstring tmp;
-                sid_parse(values[i]->bv_val, values[i]->bv_len, &sid);
+                if (!sid_parse(values[i]->bv_val, values[i]->bv_len, &sid)) {
+                        continue;
+                }
                 printf("%s: %s\n", field, sid_to_fstring(tmp, &sid));
         }

branches/samba-3.3.x/source/libsmb/cliquota.c

@@ -118 +118 @@
 #endif /* LARGE_SMB_OFF_T */
 
-        sid_parse(rdata+40,sid_len,&qt.sid);
+        if (!sid_parse(rdata+40,sid_len,&qt.sid)) {
+                return false;
+        }
 
         qt.qtype = SMB_USER_QUOTA_TYPE;

branches/samba-3.3.x/source/smbd/nttrans.c

@@ -1951 +1951 @@
                 /*unknown = IVAL(pdata,0);*/
 
-                sid_parse(pdata+4,sid_len,&sid);
+                if (!sid_parse(pdata+4,sid_len,&sid)) {
+                        reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                        return;
+                }
+
                 DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
 
@@ -2207 +2211 @@
                         }
 
-                        sid_parse(pdata+8,sid_len,&sid);
+                        if (!sid_parse(pdata+8,sid_len,&sid)) {
+                                reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                                return;
+                        }
 
                         if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
@@ -2388 +2395 @@
 #endif /* LARGE_SMB_OFF_T */
 
-        sid_parse(pdata+40,sid_len,&sid);
+        if (!sid_parse(pdata+40,sid_len,&sid)) {
+                reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                return;
+        }
+
         DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));