[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Mon Aug 5 04:49:12 MDT 2013
The branch, v3-6-test has been updated
via cb48b06 WHATSNEW: Start release notes for Samba 3.6.18.
via dda0d8d VERSION: Bump version number up to 3.6.18.
via d69a4f7 WHATSNEW: Add release notes for Samba 3.6.17.
via 6173b83 Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
from dbb52ee build:autoconf: fix output of syslog-facility check
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit cb48b067251c3a523b1bdc10bf4b3ff4fc8b104f
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Aug 5 12:46:58 2013 +0200
WHATSNEW: Start release notes for Samba 3.6.18.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit dda0d8da02a41be149af5b66e6b77dae2fd6f227
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Aug 5 12:44:46 2013 +0200
VERSION: Bump version number up to 3.6.18.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit d69a4f78b7faf020d3736e4d73848ef8b00ea832
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Jul 29 20:55:18 2013 +0200
WHATSNEW: Add release notes for Samba 3.6.17.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit e03ad1401fd1cca54f9f5c4c1e98ec9ad87b5565)
commit 6173b83e7df39f222771bd71de7a92086387c293
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jul 10 17:10:17 2013 -0700
Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
Ensure we never wrap whilst adding client provided input.
CVE-2013-4124
Signed-off-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit efdbcabbe97a594572d71d714d258a5854c5d8ce)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 65 +++++++++++++++++++++++++++++++++++++++++++++---
source3/VERSION | 2 +-
source3/smbd/nttrans.c | 12 +++++++++
3 files changed, 74 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a921e4a..125d793 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,16 +1,17 @@
==============================
- Release Notes for Samba 3.6.17
+ Release Notes for Samba 3.6.18
August 14, 2013
==============================
This is is the latest stable release of Samba 3.6.
-Major enhancements in Samba 3.6.17 include:
+Major enhancements in Samba 3.6.18 include:
-o
+o
-Changes since 3.6.16:
+
+Changes since 3.6.17:
---------------------
o Jeremy Allison <jra at samba.org>
@@ -39,6 +40,62 @@ Release notes for older releases follow:
----------------------------------------
==============================
+ Release Notes for Samba 3.6.17
+ August 05, 2013
+ ==============================
+
+
+This is a security release in order to address
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+o CVE-2013-4124:
+ All current released versions of Samba are vulnerable to a denial of
+ service on an authenticated or guest connection. A malformed packet
+ can cause the smbd server to loop the CPU performing memory
+ allocations and preventing any further service.
+
+ A connection to a file share, or a local account is needed to exploit
+ this problem, either authenticated or unauthenticated if guest
+ connections are allowed.
+
+ This flaw is not exploitable beyond causing the code to loop
+ allocating memory, which may cause the machine to exceed memory
+ limits.
+
+
+Changes since 3.6.16:
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
+ reading can cause server to loop with DOS.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
Release Notes for Samba 3.6.16
June 19, 2013
==============================
diff --git a/source3/VERSION b/source3/VERSION
index 6effe73..fb852a7 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=17
+SAMBA_VERSION_RELEASE=18
########################################################
# Bug fix releases use a letter for the patch revision #
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index ea9d417..5fc3a09 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -989,7 +989,19 @@ struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t
if (next_offset == 0) {
break;
}
+
+ /* Integer wrap protection for the increment. */
+ if (offset + next_offset < offset) {
+ break;
+ }
+
offset += next_offset;
+
+ /* Integer wrap protection for while loop. */
+ if (offset + 4 < offset) {
+ break;
+ }
+
}
return ea_list_head;
--
Samba Shared Repository
More information about the samba-cvs
mailing list