[SCM] Samba Shared Repository - branch v3-6-stable updated

Karolin Seeger kseeger at samba.org
Sun Jan 29 12:47:38 MST 2012


The branch, v3-6-stable has been updated
       via  71e7cdc s3-smbd: Fix bug #8724.
       via  3f117d2 WHATSNEW: Add release notes for 3.6.3.
       via  e35523c VERSION: Bump version up to 3.6.3.
      from  b0cd2e5 WHATSNEW: Add another change.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable


- Log -----------------------------------------------------------------
commit 71e7cdcce26c1ed7504760a94cf51e79b2ec570c
Author: Ira Cooper <ira at wakeful.net>
Date:   Sun Jan 29 20:36:05 2012 +0100

    s3-smbd: Fix bug #8724.
    
    Fix bug #8724 - Memory leak in parent smbd on connection.
    This is CVE-2012-0817.
    
    Patch have been created by Ira Cooper <ira at wakeful.net> and
    Jeremy Allison <jra at samba.org>.
    (cherry picked from commit 964620240c83024bea8bbce0bc282b0851513808)

commit 3f117d2bcf33913e7cc3e4b0e01ac98f649fa078
Author: Karolin Seeger <kseeger at samba.org>
Date:   Sun Jan 29 20:33:38 2012 +0100

    WHATSNEW: Add release notes for 3.6.3.
    
    Karolin
    (cherry picked from commit 677f5573570ad1cbd4c1e1d920f67a0d20edea25)

commit e35523c33ab626a8dee8e037aa2027cdc5ad01a6
Author: Karolin Seeger <kseeger at samba.org>
Date:   Sun Jan 29 20:33:15 2012 +0100

    VERSION: Bump version up to 3.6.3.
    
    Karolin
    (cherry picked from commit a3dd55e40cc905a4535d1786f2d53cda221fb3e2)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt             |   54 ++++++++++++++++++++++++++++++++++++++++++++-
 source3/VERSION          |    2 +-
 source3/lib/substitute.c |    9 ++++++-
 source3/smbd/server.c    |    6 +++++
 4 files changed, 66 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b3e5008..2868320 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,53 @@
                    =============================
+                   Release Notes for Samba 3.6.3
+                         January 29, 2012
+                   =============================
+
+
+This is a security release in order to address
+CVE-2012-0817 (Memory leak/Denial of service).
+
+o  CVE-2012-0817:
+   The Samba File Serving daemon (smbd) in Samba versions
+   3.6.0 to 3.6.2 is affected by a memory leak that can
+   cause a server denial of service.
+
+
+Changes since 3.6.2:
+--------------------
+
+
+o   Jeremy Allison <jra at samba.org>
+    * BUG 8724: Fix memory leak in parent smbd on connection.
+
+
+o   Ira Cooper <samba at ira.wakeful.net>
+    * BUG 8724: Fix memory leak in parent smbd on connection.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   =============================
                    Release Notes for Samba 3.6.2
                          January 25, 2012
                    =============================
@@ -174,8 +223,9 @@ database (https://bugzilla.samba.org/).
 == The Samba Team
 ======================================================================
 
-Release notes for older releases follow:
-----------------------------------------
+
+----------------------------------------------------------------------
+
 
                    =============================
                    Release Notes for Samba 3.6.1
diff --git a/source3/VERSION b/source3/VERSION
index e8a1992..9ba1b54 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
 
 ########################################################
 # Bug fix releases use a letter for the patch revision #
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index e72a8c3..68328e5 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -195,7 +195,7 @@ void sub_set_smb_name(const char *name)
 }
 
 static char sub_peeraddr[INET6_ADDRSTRLEN];
-static const char *sub_peername = "";
+static const char *sub_peername = NULL;
 static char sub_sockaddr[INET6_ADDRSTRLEN];
 
 void sub_set_socket_ids(const char *peeraddr, const char *peername,
@@ -208,6 +208,11 @@ void sub_set_socket_ids(const char *peeraddr, const char *peername,
 	}
 	strlcpy(sub_peeraddr, addr, sizeof(sub_peeraddr));
 
+	if (sub_peername != NULL &&
+			sub_peername != sub_peeraddr) {
+		free(discard_const_p(char,sub_peername));
+		sub_peername = NULL;
+	}
 	sub_peername = SMB_STRDUP(peername);
 	if (sub_peername == NULL) {
 		sub_peername = sub_peeraddr;
@@ -646,7 +651,7 @@ static char *alloc_sub_basic(const char *smb_name, const char *domain_name,
 			break;
 		case 'M' :
 			a_string = realloc_string_sub(a_string, "%M",
-						      sub_peername);
+						      sub_peername ? sub_peername : "");
 			break;
 		case 'R' :
 			a_string = realloc_string_sub(a_string, "%R", remote_proto);
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 8ac0511..db68ace 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -64,6 +64,12 @@ static void smbd_set_server_fd(int fd)
 	 * name, default to its address.
 	 */
 
+	if (sconn->client_id.name != NULL &&
+	    sconn->client_id.name != sconn->client_id.addr) {
+		talloc_free(discard_const_p(char, sconn->client_id.name));
+		sconn->client_id.name = NULL;
+	}
+
 	client_addr(fd, sconn->client_id.addr, sizeof(sconn->client_id.addr));
 
 	name = client_name(sconn->sock);


-- 
Samba Shared Repository


More information about the samba-cvs mailing list