[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - build_3.2.6_ctdb.52-7-ge2ac74f

Michael Adam obnox at samba.org
Fri Jan 9 14:01:41 GMT 2009


The branch, v3-2-ctdb has been updated
       via  e2ac74fb837a184ac01483199463bf623ee9a8ef (commit)
       via  fad1ebe43b95f48b988175f06c49ea7cfd59ccf6 (commit)
       via  1cc7001af4ae6fc1c5193d3f7657e879495e8d06 (commit)
      from  392ef47470e7b246157aa13b9550af96a600d169 (commit)

http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb


- Log -----------------------------------------------------------------
commit e2ac74fb837a184ac01483199463bf623ee9a8ef
Author: Karolin Seeger <kseeger at samba.org>
Date:   Fri Dec 19 14:57:33 2008 +0100

    WHATSNEW: Prepare WHATSNEW for 3.2.7.
    
    Karolin
    (cherry picked from commit 0730f4e464b249ffe2319e98902ed96089f3230b)

commit fad1ebe43b95f48b988175f06c49ea7cfd59ccf6
Author: Karolin Seeger <kseeger at samba.org>
Date:   Fri Dec 19 14:45:36 2008 +0100

    VERSION: Raise version number up to 3.2.7.
    
    Karolin
    (cherry picked from commit 33b904c7003e85362eb991c9475991f35b576fd1)

commit 1cc7001af4ae6fc1c5193d3f7657e879495e8d06
Author: Michael Adam <obnox at samba.org>
Date:   Thu Dec 18 18:01:55 2008 +0100

    smbd: prevent access to root filesystem when connecting with empty service name
    
    This only applies to a setup with "registry shares = yes"
    
    Michael
    (cherry picked from commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt          |  203 ++++---------------------------------------------
 source/VERSION        |    2 +-
 source/smbd/service.c |    4 +
 3 files changed, 19 insertions(+), 190 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 447844b..af91e72 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,206 +1,31 @@
-                   ==============================
-                   Release Notes for Samba 3.2.6
-			 December 10, 2008
-                   ==============================
+                   =============================
+                   Release Notes for Samba 3.2.7
+			 January 05, 2009
+                   =============================
 
 
-This is a bug fix release of the Samba 3.2 series.
+This is a security release in order to address CVE-2009-0022.
 
-Major enhancements included in Samba 3.2.6 are:
+   o CVE-2009-0022
+     In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
+     access to the root filesystem ("/") is granted
+     when connecting to a share called "" (empty string)
+     using old versions of smbclient (before 3.0.28).
 
-  o Fix Winbind crash bugs.
-  o Fix moving of readonly files.
-  o Fix "write list" in setups using "security = share".
-  o Fix access to cups-printers with cups 1.3.4.
-  o Fix timeouts in setups with large groups.
-  o Fix several bugs concerning Alternate Data Streams.
-  o Add new SMB traffic analyzer VFS module.
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
 
 
 ######################################################################
 Changes
 #######
 
-Changes since 3.2.5
+Changes since 3.2.6
 -------------------
 
 
 o   Michael Adam <obnox at samba.org>
-    * BUG 5677: Fix test_{shlibs,nss_modules,pam_modules} on Solaris.
-    * BUG 5765: Fix installlibs on solaris by using portable "test -r".
-    * Fix potential segfault in vfs_tsmsm.
-    * Don't list the domain twice when expanding internal aliases.
-    * Fix the output of "getent group" when "winbind use default domain = yes"
-      with "security = ads".
-    * Add domain prefix to username in lookup_groupmem().
-    * Prevent negative GM/ cache entries due to broken connections.
-    * Fix crash in sync_eventlog_params().
-    * Fix timeouts when calling 'getgrent'.
-    * Fix smbd hanging on Solaris when winbindd closes socket.
-
-
-o   Jeremy Allison <jra at samba.org>
-    * BUG 1254: Fix "write list" in setups using "security = share".
-    * BUG 5080: Fix access to cups-printers with cups 1.3.4.
-    * BUG 5737: Fix Winbind crash in an unusual failure mode.
-    * BUG 5783: Fix FindFirst where search pattern equals the mangled filename.
-    * BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
-      disposition.
-    * BUG 5797: Fix moving of readonly files.
-    * BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
-    * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
-    * BUG 5825: Fix account locking with LDAP backend.
-    * BUG 5826: Fix truncated filenames when accessing old servers.
-    * BUG 5889: Fix "delete veto files = no".
-    * BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog
-      list".
-    * BUG 5900: Fix vfs_readonly.
-    * BUG 5903: Fix vfs_streams_xattr breaking contents of files.
-    * BUG 5904: Fix libnss_wins causing SIGABRT while servicing getaddrinfo()
-      request.
-    * BUG 5914: Fix build failure: redefinition of struct name_list.
-    * BUG 5937: Fix filenames with "*" char hiding other files.
-    * BUG 5953: Fix smbclient crashes.
-    * Fix rename_open_files.
-    * Restructure VFS SMB traffic analyzer VFS module.
-    * Correctly fix smbclient to terminate on eof from server.
-    * Unify access checks for lsa server functions.
-    * Remove the requirement for ldap call made as root.
-    * Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
-    * Fix net rpc vampire, based on an *amazing* piece of debugging work by
-      "Cooper S. Blake" <the_analogkid at yahoo.com>.
-    * Fix Coverity IDs 456, 574, 592, 606 and 607.
-    * Fix net rpc vampire.
-
-
-o   Gerald (Jerry) Carter <jerry at samba.org>
-    * Use the same prerequisite for DDNS update as Windows XP.
-    * Make "lwinet ads dns register" honor the "interfaces" parameter.
-
-
-o   Steven Danneman <steven.danneman at isilon.com>
-    * Fix extended DN parse error when AD object does not have a SID.
-
-
-o   Guenther Deschner <gd at samba.org>
-    * BUG 5888: Fix PNP_GetHwProfInfo().
-    * BUG 5957: Do not abort rename process on valid rename script.
-    * BUG 5898: Fix 'net rpc shutdown'.
-    * Fix duplicate installation of cifs.upcall.
-    * Fix _srvsvc_NetShareAdd segfault.
-    * Ensure consistency when reporting password complexity.
-    * Fix _lsa_GetUserName.
-    * Fix access check in _samr_QuerySecurity().
-    * _samr_DeleteUser needs to wipe out the user_handle on success.
-    * NetGroupEnum_r needs to handle servers with no groups.
-
-
-o   Mathias Dietz <MDIETZ at de.ibm.com>
-    * Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so.
-
-
-o   Dina Fine <dina at exanet.com>
-    * BUG 5908: Fix internal change notify on shared directory.
-
-
-o   Nils Goroll <nils.goroll at hamburg.de>
-    * BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share.
-
-
-o   Henning Henkel <henning.henkel at fh-furtwangen.de>
-    * BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support
-      and GPFS.
-
-
-o   Holger Hetterich <hhetter at novell.com>
-    * Add new VFS module to analyze SMB traffic
-
-
-o   Tomasz Krasuski <kr0tki at poczta.onet.pl>
-    * BUG 5928: Fix 'testparm --version'.
-
-
-o   Jeff Layton <jlayton at redhat.com>
-    * Have uppercase_string return success on NULL pointer in mount.cifs.
-    * Make mount.cifs return codes match the return codes for /bin/mount.
-    * Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs.
-
-
-o   Volker Lendecke <vl at samba.org>
-    * BUG 5691: Fig smbd panic on Solaris.
-    * BUG 5778: Check if strlcpy and strlcat are already defined.
-    * BUG 5840: Fix segfault in "rpcclient lsaaddacctrights".
-    * BUG 5860: Fix nasty error message for overlong strings in safe_strcpy.
-    * Fix a potential NULL deref in found by the IBM Checker.
-    * Fix an uninitialized variable found by the IBM Checker.
-    * Fix an unlikely memleak found by the IBM Checker.
-    * Fix some missing error handlings.
-    * Add workaround for domain joins using a netbios name which is different
-      from the hostname.
-    * Fix crash bug when freeing a non-malloc'ed buffer if the client sends a
-      non-encrypted packet with the crypto state set.
-    * Fix trans2findfirst for the large directory optimization.
-    * Fix checking for presence of cups-devel and correct cups-devel test for
-      HAVE_IPRINT.
-
-
-o   Derrell Lipman <derrell.lipman at unwireduniverse.com>
-    * BUG 5805: Don't close stdout when calling setup_logging multiple times.
-
-
-o   Stefan Metzmacher <metze at samba.org>
-    * Fix setting of trust password using 'net rpc trustdom add'.
-    * Fix several issues in vfs_streams_xattr and vfs_stream_depot.
-    * Return an error instead of crashing when no realm is given (trigerred by
-      "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist)
-      and "disable netbios = yes").
-
-
-o   Jim McDonough <jmcd at samba.org>
-    * Fix the new vfs_smb_traffic_analyzer build for static links.
-
-
-o   TAKAHASHI Motonobu <monyo at samba.gr.jp>
-    * BUG 5901: Fix default for streams_depot location.
-
-
-o   Tim Prouty <tim.prouty at isilon.com>
-    * Fix several build warnings.
-
-
-o   Andreas Schneider <mail at cynapses.org>
-    * Delete the krb5 ccname variable from the PAM environment if set.
-    * Fix circular dependency error with autoconf 2.6.3.
-
-
-o   Martin Schwenke <martin at meltin.net>
-    * Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
-      compile time rather than install time.
-
-
-o   Davide Sfriso <sfriso at virgilio.it>
-    * BUG 5906: Fix Winbind crash when calling 'getent group'.
-
-
-o   Dan Sledz <dsledz at isilon.com>
-    * Add FreeBSD configure check for backtrace_symbols.
-    * Fix logging to syslog.
-    * Allow SYSLOG_FACILITY to be modified with a new configure option called
-      --with-syslog-facility.
-
-
-o   Yasuma Takeda <yasuma at osstech.co.jp>
-    * BUG 5909: Fix MS-DFS on Vista clients.
-    * BUG 5944: Fix starting of nmbd with "socket address" set to "".
-
-
-o   Andrew Tridgell <tridge at samba.org>
-    * Fix segfault on startup with trusted domains.
-    * Re-add "winbind:ignore domains" parameter.
-
-
-o   Jelmer Vernooij <jelmer at samba.org>
-    * Avoid freeing fsp twice when opening new_file fails (Debian #431696).
+    * Fix for CVE-2009-0022.
 
 
 ######################################################################
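Review bot: The CVE-2009-0022 entry gives the trigger as "using old versions of smbclient (before 3.0.28)", which reads as if the exposure depended on the client, while the fix in this changeset is a server-side check in source/smbd/service.c. Consider saying that the fix is on the server and naming the parameter as it is written in smb.conf, "registry shares = yes" (the commit message for the smbd change already does), so administrators can check their configuration directly. Two smaller points: "be found http://www.samba.org/samba/security/" is missing "at", and the "Changes since 3.2.6" list says only "Fix for CVE-2009-0022." where the commit subject already offers a one-line description of the smbd change.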
diff --git a/source/VERSION b/source/VERSION
index 215af9e..6a7c8fc 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=6
+SAMBA_VERSION_RELEASE=7
 
 ########################################################
 # Bug fix releases use a letter for the patch revision #
diff --git a/source/smbd/service.c b/source/smbd/service.c
index 491a67a..cb51f35 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -235,6 +235,10 @@ static int load_registry_service(const char *servicename)
 		return -1;
 	}
 
+	if ((servicename == NULL) || (*servicename == '\0')) {
+		return -1;
+	}
+
 	if (strequal(servicename, GLOBAL_NAME)) {
 		return -2;
 	}
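Review bot: The new "(servicename == NULL) || (*servicename == '\0')" check in load_registry_service() rejects the request silently and carries no comment, so nothing in the code ties it to the root-filesystem exposure described in the commit message. Suggest a short comment stating why an empty service name must never be looked up in the registry, and a DEBUG line before "return -1;" so that connection attempts with an empty share name are visible in the smbd log. The check also returns the same -1 as the error path directly above it, so a caller cannot tell a rejected name from a failure; if that distinction matters, document it in the function's comment.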


-- 
SAMBA-CTDB repository

