Changeset 693

Timestamp:

Mar 11, 2012, 6:19:02 PM (13 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.0 with CVE-2012-0870 security patch

Location:

branches/samba-3.0/source

Files:

• build.cmd (modified) (11 diffs)
• smbd/process.c (modified) (4 diffs)

branches/samba-3.0/source/build.cmd

@@ -1 +1 @@
 /* Samba build script for eCS (OS/2) */
+
+/* version history */
+/* version 0.1.0 from 09.04.2010 Herwig (first edition) */
+/* version 0.2.2 from 08.09.2009 Herwig (a lot enhancements) */
+/* version 0.3.0 from 17.08.2010 Silvan (redone a lot) */
+/* version 0.3.1 from 20.08.2010 Silvan (added version.ecs check) */
+/* version 0.3.2 from 08.07.2011 Silvan (pythonhome may be not set) */
+/* version 0.3.3 from 05.11.2011 Herwig (add support for libc064) */
+/* version 0.3.4 from 23.11.2011 Herwig (simplify libc switching) */
+/* version 0.3.5 from 23.11.2011 Herwig (brand befor configure, if version.h is missing) */
+
+/* load the sysfuncs if not already loaded */
+if (RxFuncQuery('SysLoadFuncs') = 1) then
+do
+    call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs';
+    call SysLoadFuncs;
+end
+
+/* init the version string (don't forget to change) */
+version = "0.3.5"
+version_date = "23.11.2011"
 
 '@echo off'
 parse upper arg cmdline
 
+say "Samba for eCS (OS/2) build script v"   || version || " from " || version_date
+
 /* No parameter or HELP -> display usage */
 if pos("HELP", cmdline) > 0 | cmdline = "" then do
-    say "Samba for eCS (OS/2) build script"
     say
     say "Valid commands are:"
     say "      HELP  - this page"
-    say "      063   - link against libc063.dll"
-    say "      064x  - link against libc064x.dll"
     say "      CONF  - run configure"
     say "      CLEAN - clean up and recompile everything"
@@ -20 +40 @@
     say "      ZIP   - create ZIP archive"
     say "      ALL   - do just everything"
+    say "Deprecated options:"
+    say "      064   - link against libc064.dll (default)"
+    say "      064x  - link against libc064x.dll"
+    say "      063   - link against libc063.dll"
     say 
     exit 255
@@ -30 +54 @@
 
 options = 'build.options'
+cacheFile = 'build.cache'
 
 /* defaults */
 make  = ""
-libc  = "064x"
 brand = "No"
 conf  = ""
@@ -52 +76 @@
 build_parms = ""
 
+/* delete the following 7 lines to remove libc switching capability */
+select 
+    when pos("064X", cmdline) > 0 then libc = "064X"
+    when pos("063", cmdline) > 0 then  libc = "063"
+    otherwise libc = "064"
+end
+address cmd "call "libc".cmd"
+
 if pos("MAKE", cmdline) > 0 then do
     make = "MAKE"
@@ -61 +93 @@
     build_parms = build_parms||' 'make
 end
-if pos("064X", cmdline) > 0 then do
-    libc = "064X"
-    build_parms = build_parms||' 'libc    
-end
-if pos("063", cmdline) > 0 then do
-    libc = "063"
-    build_parms = build_parms||' 'libc    
-end
+
 if pos("BRAND", cmdline) > 0 then do
     Brand = "YES"
@@ -78 +103 @@
 end
 
+ok = SysFileTree(".\include\version.h",versionh.,'FO')
+
+if versionh.0 = 0 & conf = "YES" then do
+    svninfo = ".\svninfo"
+    address cmd 'svn status -q -u | grep "^Status against revision:" | sed -e "s/Status against revision: *//">'svninfo
+    revision = strip(translate(linein(svninfo)))
+    ok = stream(svninfo,'c','close')
+    call brand revision
+end
+
 /* start working */
-if libc = "063" then do
-    address cmd "call 063.cmd"
-end
-else do
-    address cmd "call 064x.cmd"
-end
-
 if conf = "YES" then do
-        address cmd 'SETLOCAL'
-        address cmd 'SET CFLAGS=-g -Zomf -O1 -march=pentium -mtune=pentium4'
-        address cmd 'SET CXXFLAGS=-g -Zomf -O1 -march=pentium -mtune=pentium4'
-        address cmd 'SET LDFLAGS=-s -Zsym -Zmap -Zbin-files -Zomf -Zexe -Zargs-wild -Zargs-resp'
-        address cmd 'SET AR=emxomfar'
-        address cmd 'SET LIBS=-lsocket -lsyslog'
+    address cmd 'SETLOCAL'
+/*  address cmd 'SET CFLAGS=-g -Zomf -O1 -march=pentium -mtune=pentium4'
+    address cmd 'SET CXXFLAGS=-g -Zomf -O1 -march=pentium -mtune=pentium4'
+    address cmd 'SET LDFLAGS=-s -Zsym -Zmap -Zbin-files -Zomf -Zexe -Zargs-wild -Zargs-resp'
+    address cmd 'SET AR=emxomfar'
+    address cmd 'SET LIBS=-lsocket -lsyslog' */
     /* disabled options:
-         --enable-developer --enable-socket-wrapper
+         --enable-developer --enable-socket-wrapper
      */
-    address cmd 'ksh ./configure --enable-pie=no --prefix=/samba --enable-static --disable-shared --disable-cups --disable-ldap --with-acl-support 2>&1 | tee configure.log'
-        address cmd 'ENDLOCAL'
+
+/* we need to delete the cache file and redo it afterwards */
+    ok = SysFileDelete(cacheFile);
+
+/* is cups env set */
+    sEnvVar = EnvGet('CUPS');
+    if sEnvVar <> '' then do
+        call lineout cacheFile, "ac_cv_path_CUPS_CONFIG='" || sEnvVar || "'";
+    end
+
+/* is python env set */
+    sEnvVar = EnvGet('PYTHONHOME');
+    if sEnvVar <> '' then do
+        sPythonVersion = PythonVersion(sEnvVar);
+        if sPythonVersion <> '-1' then do
+            call lineout cacheFile, "ac_cv_path_PYTHON_CONFIG='" || sEnvVar || "/config/" || sPythonVersion || "'";
+            call lineout cacheFile, "ac_cv_path_PYTHON='" || sEnvVar || "'";
+        end
+    end
+
+    ok = stream(cacheFile, 'c', 'close');
+
+/* run configure */
+    address cmd 'ksh ./configure --enable-pie=no --prefix=/samba --disable-shared --with-acl-support --cache-file=build.cache 2>&1 | tee configure.log'
+    address cmd 'ENDLOCAL'
 end
 
@@ -103 +154 @@
     address cmd "make clean"
 end
-           
+
 if brand = "YES" then do
     svninfo = ".\svninfo"
@@ -115 +166 @@
     say build_parms
     address cmd 'make 2>&1 | tee build.log'
-end    
+end
 
 if pos("ZIP", cmdline) > 0 then do
@@ -143 +194 @@
     VerFile = "VERSION.ECS"
 
+    /* is the file available */
+    ok = stream(VerFile, 'c', 'QUERY EXISTS')
+    if ok = "" then do
+        say "Please create a " || VerFile || " based on VERSION.EC_"
+        exit 0
+    end
+
     /* Samba Version file */
     Version = "VERSION"
@@ -153 +211 @@
         eCSVer.I = linein(VerFile)
         if left(eCSVer.I,28) = "SAMBA_VERSION_VENDOR_SUFFIX=" then do
-                    parse var eCSver.I . '='vendor_suffix
-                    vendor_suffix = strip(vendor_suffix,,'"')
-                    parse var vendor_suffix vendor suffix
+            parse var eCSver.I . '='vendor_suffix
+            vendor_suffix = strip(vendor_suffix,,'"')
+            parse var vendor_suffix vendor suffix
         end
     end
@@ -193 +251 @@
     verstring = suffix'-'Major'.'minor'.'release'.'revision'-'vendor'-'date('S')
     say "Samba "verstring
-return 
+return
+
+
+/**
+ * Gets the value of sEnvVar.
+ */
+EnvGet: procedure
+    parse arg sEnvVar
+    if ((translate(sEnvVar) = 'BEGINLIBPATH') | (translate(sEnvVar) = 'ENDLIBPATH')) then
+        return SysQueryExtLibPath(substr(sEnvVar, 1, 1));
+return value(sEnvVar,, 'OS2ENVIRONMENT');
+
+/**
+ * try to find the pythonversion
+ */
+PythonVersion: procedure
+    parse arg pdir
+
+    ok = SysFileTree(pdir||"\python*.dll",pydll.,"FO")
+    rc = -1
+    if pydll.0 = 1 then do
+        dllpur = filespec("N",pydll.1)
+        parse var dllpur 'python' ver '.dll'
+        if datatype(ver) <> "NUM" then do
+            say "no valid python dll found!"
+        end
+        else do
+            major = left(ver,1)
+            minor = substr(ver,2,)
+            verstring = "python"||major||"."||minor
+            rc = verstring
+        end
+    end
+    else do
+        say "no dll found!"
+    end
+return rc

branches/samba-3.0/source/smbd/process.c

@@ -1026 +1026 @@
         int msg_type = CVAL(inbuf,0);
         uint16_t mid = SVAL(inbuf, smb_mid);
+        uint8_t wct = CVAL(inbuf, smb_wct);
 
         chain_size = 0;
@@ -1033 +1034 @@
         if (msg_type != 0)
                 return(reply_special(inbuf,outbuf));  
+
+        /* Ensure we have at least wct words and 2 bytes of bcc. */
+        if (smb_size + wct*2 > size) {
+                DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
+                        (unsigned int)wct,
+                        (unsigned int)size));
+                exit_server_cleanly("Invalid SMB request");
+        }
+        /* Ensure bcc is correct. */
+        if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + size) {
+                DEBUG(0,("init_smb_request: invalid bcc number %u "
+                        "(wct = %u, size %u)\n",
+                        (unsigned int)smb_buflen(inbuf),
+                        (unsigned int)wct,
+                        (unsigned int)size));
+                exit_server_cleanly("Invalid SMB request");
+        }
 
         construct_reply_common(inbuf, outbuf);
@@ -1162 +1180 @@
         static int orig_size;
         int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
-        unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
+        static unsigned smb_off2;
         char *inbuf2, *outbuf2;
         int outsize2;
@@ -1181 +1199 @@
                 orig_outbuf = outbuf;
                 orig_size = size;
-        }
+                smb_off2 = 0;
+        }
+
+        if (SVAL(inbuf,smb_vwv1) <= smb_off2) {
+                DEBUG(1, ("AndX offset not increasing\n"));
+                SCVAL(outbuf, smb_vwv0, 0xFF);
+                return outsize;
+        }
+        smb_off2 = SVAL(inbuf, smb_vwv1);
 
         /* Validate smb_off2 */