[SCM] Samba Shared Repository - branch v3-0-stable updated - release-3-0-27a-12-g5cc2bae

Gerald (Jerry) Carter jerry at samba.org
Mon Dec 10 15:31:29 GMT 2007


The branch, v3-0-stable has been updated
       via  5cc2baea238b49b99d69099a12c3c02ac4860a52 (commit)
       via  82bd5484ad502f2afdb771a27a12a39459cb2ec0 (commit)
       via  e1abd8c2265dd63d5de388e7d8047c80204bb36e (commit)
       via  1f7b4c72d953d2fc9d18eb96a4c7739ae36b5a3d (commit)
       via  62197dd367e7c04759560f395f554b2bfda90d78 (commit)
       via  64547bd884668d801c3ac48ff3374bf02a2d0959 (commit)
       via  b14aa30006033d9dbaa8120bc419406535d620b8 (commit)
       via  6a9610ba27f802136f1ca8a94816d552df17a166 (commit)
      from  2b4189175a4e54c922136dbfb35c276730a4039a (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt               |   39 +++++++++++++++++++++++++++++++++++----
 source/VERSION             |   10 +++++-----
 source/auth/auth_util.c    |    2 ++
 source/lib/version.c       |    6 +++---
 source/libsmb/clidgram.c   |    6 ++++++
 source/nmbd/nmbd_packets.c |    6 ++++++
 6 files changed, 57 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 9b5494c..bd4fe02 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,38 @@
+                   ==============================
+                   Release Notes for Samba 3.0.28
+                            Dec 10, 2007
+                   ==============================
+
+Samba 3.0.28 is a security release in order to address the following
+defect:
+
+  o CVS-2007-6015
+    Boundary failure in GETDC mailslot processing can result in 
+    a buffer overrun
+
+The original security announcement for this and past advisories can 
+be found http://www.samba.org/samba/security/
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.27a
+---------------------
+
+o   Jeremy Allison <jra at samba.org>
+    * Fix for CVS-2007-0615.
+
+o   Volker Lendecke <vl at samba.org>
+    * Fix for CVS-2007-0615.
+    * Add missing unbecome_root() calls in error path processing
+      when failing to add local groups in create_local_nt_token().
+
+
+Release notes for older releases follow:
+
+      --------------------------------------------------
+
                    ===============================
                    Release Notes for Samba 3.0.27a
                              Nov 20, 2007
@@ -86,8 +121,6 @@ o   Martin Zielinski <mz at seh.de>
 
 
 
-Release notes for older releases follow:
-
       --------------------------------------------------
 
                    ==============================
@@ -124,8 +157,6 @@ o   Simo Sorce <idra at samba.org>
     * Additional fixes for CVS-2007-4572.
 
 
-Release notes for older releases follow:
-
       --------------------------------------------------
                    ===============================
                    Release Notes for Samba 3.0.26a
diff --git a/source/VERSION b/source/VERSION
index 4a0e3bd..d80ff13 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=27
+SAMBA_VERSION_RELEASE=28
 
 ########################################################
 # Bug fix releases use a letter for the patch revision #
@@ -36,7 +36,7 @@ SAMBA_VERSION_RELEASE=27
 # e.g. SAMBA_VERSION_REVISION=a                        #
 #  ->  "2.2.8a"                                        #
 ########################################################
-SAMBA_VERSION_REVISION=a
+SAMBA_VERSION_REVISION=
 
 ########################################################
 # For 'pre' releases the version will be               #
@@ -68,7 +68,7 @@ SAMBA_VERSION_RC_RELEASE=
 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes               #
 #  ->  "3.0.0-SVN-build-199"                           #
 ########################################################
-SAMBA_VERSION_IS_GIT_SNAPSHOT=yes
+SAMBA_VERSION_IS_GIT_SNAPSHOT=
 
 ########################################################
 # This can be set by vendors if they want...           #
@@ -95,5 +95,5 @@ SAMBA_VERSION_IS_GIT_SNAPSHOT=yes
 # e.g. SAMBA_VERSION_VENDOR_SUFFIX=vendor_version()    #
 #  ->  "CVS 3.0.0rc2-VendorVersion"                    #
 ########################################################
-SAMBA_VERSION_VENDOR_SUFFIX="stable"
-SAMBA_VENDOR_PATCH=
+SAMBA_VERSION_VENDOR_SUFFIX=
+SAMBA_VERSION_VENDOR_PATCH=
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 6fbec48..32224fa 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -956,6 +956,7 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 		status = add_aliases(get_global_sam_sid(), result);
 
 		if (!NT_STATUS_IS_OK(status)) {
+			unbecome_root();
 			TALLOC_FREE(result);
 			return NULL;
 		}
@@ -965,6 +966,7 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 		status = add_aliases(&global_sid_Builtin, result);
 
 		if (!NT_STATUS_IS_OK(status)) {
+			unbecome_root();
 			TALLOC_FREE(result);
 			return NULL;
 		}
diff --git a/source/lib/version.c b/source/lib/version.c
index ee8c3eb..93fd108 100644
--- a/source/lib/version.c
+++ b/source/lib/version.c
@@ -28,7 +28,7 @@ const char *samba_version_string(void)
 #else
 	static fstring samba_version;
 	static BOOL init_samba_version;
-#ifdef SAMBA_VENDOR_PATCH
+#ifdef SAMBA_VERSION_VENDOR_PATCH
 	fstring tmp_version;
 	size_t remaining;
 #endif
@@ -40,9 +40,9 @@ const char *samba_version_string(void)
 		SAMBA_VERSION_OFFICIAL_STRING,
 		SAMBA_VERSION_VENDOR_SUFFIX);
 
-#ifdef SAMBA_VENDOR_PATCH
+#ifdef SAMBA_VERSION_VENDOR_PATCH
 	remaining = sizeof(samba_version)-strlen(samba_version);
-	snprintf( tmp_version, sizeof(tmp_version),  "-%d", SAMBA_VENDOR_PATCH );
+	snprintf( tmp_version, sizeof(tmp_version),  "-%d", SAMBA_VERSION_VENDOR_PATCH);
 	strlcat( samba_version, tmp_version, remaining-1 );
 #endif
 
diff --git a/source/libsmb/clidgram.c b/source/libsmb/clidgram.c
index 83ea81d..548ace6 100644
--- a/source/libsmb/clidgram.c
+++ b/source/libsmb/clidgram.c
@@ -72,6 +72,12 @@ BOOL cli_send_mailslot(BOOL unique, const char *mailslot,
 	/* Setup the smb part. */
 	ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
 	memcpy(tmp,ptr,4);
+
+	if (smb_size + 17*2 + strlen(mailslot) + 1 + len > MAX_DGRAM_SIZE) {
+		DEBUG(0, ("cli_send_mailslot: Cannot write beyond end of packet\n"));
+		return False;
+	}
+
 	set_message(ptr,17,strlen(mailslot) + 1 + len,True);
 	memcpy(ptr,tmp,4);
 
diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c
index bbcc1ec..1460f7d 100644
--- a/source/nmbd/nmbd_packets.c
+++ b/source/nmbd/nmbd_packets.c
@@ -1892,6 +1892,12 @@ BOOL send_mailslot(BOOL unique, const char *mailslot,char *buf, size_t len,
 	/* Setup the smb part. */
 	ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
 	memcpy(tmp,ptr,4);
+
+	if (smb_size + 17*2 + strlen(mailslot) + 1 + len > MAX_DGRAM_SIZE) {
+		DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
+		return False;
+	}
+
 	set_message(ptr,17,strlen(mailslot) + 1 + len,True);
 	memcpy(ptr,tmp,4);
 


-- 
Samba Shared Repository


More information about the samba-cvs mailing list