[SCM] Samba Shared Repository - branch v4-0-test updated

Karolin Seeger kseeger at samba.org
Mon May 26 06:55:03 MDT 2014


The branch, v4-0-test has been updated
       via  97a3274 bug #10609: CVE-2014-0239 Don't reply to replies
       via  d4b0b74 pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR
       via  d6043d6 script/autobuild: make use of --with-perl-{arch,lib}-install-dir
       via  0e430f8 wafsamba: Fail with error message if perl doesn't provide valid dirs.
       via  86830d9 wafsamba: If perl can't provide defaults, define them.
      from  39ae6a7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 97a32749b4c567890a92de97aaf8b85d5ec0134b
Author: Kai Blin <kai at samba.org>
Date:   Tue May 13 08:13:29 2014 +0200

    bug #10609: CVE-2014-0239 Don't reply to replies
    
    Due to insufficient input checking, the DNS server will reply to a packet that
    has the "reply" bit set. Over UDP, this makes it possible to send a packet with
    a spoofed sender address and have two servers DoS each other with circular replies.
    
    This patch fixes bug #10609 and adds a test to make sure we don't regress.
    CVE-2014-0239 has been assigned to this issue.
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609
    
    Signed-off-by: Kai Blin <kai at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Kai Blin <kai at samba.org>
    Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104
    
    (cherry picked from commit 392ec4d241eb19c812cd49ff73bd32b2b09d8533)
    
    Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-0-test): Mon May 26 14:54:32 CEST 2014 on sn-devel-104

commit d4b0b741427e6d5ec9626f26eff4068399d8f771
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 9 11:49:10 2014 +0200

    pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Sat May 10 01:37:33 CEST 2014 on sn-devel-104
    (cherry picked from commit cf75ef9f73f2cdbf2a039bbc9468f5da6a14834e)

commit d6043d62521391cf9c1d5b0f7f11618c6c3b46fb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 9 11:48:26 2014 +0200

    script/autobuild: make use of --with-perl-{arch,lib}-install-dir
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit d18ee9e4b6f4c9a24b555c111e08396012c1755a)

commit 0e430f836f34a2dd7976bc46c37fbfe4d320395d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri May 9 09:42:23 2014 +0200

    wafsamba: Fail with error message if perl doesn't provide valid dirs.
    
    We try harder to get valid directories; we now fall back like this:
    
    vendorarch => sitearch => archlib
    and
    vendorlib => sitelib => privlib
    
    The new options are --with-perl-arch-install-dir and
    --with-perl-lib-install-dir.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 2637890ef42a238093f0f3cbdda0d621d5f9b2e2)

commit 86830d9c31a3bc0856fe12859bb13be56077db2b
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Apr 15 10:24:24 2014 +0200

    wafsamba: If perl can't provide defaults, define them.
    
    This should fix the installation on FreeBSD.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Thu May  8 13:55:50 CEST 2014 on sn-devel-104
    (cherry picked from commit 0ba276ebad57d75a769e22414f94acbe8c177d97)

-----------------------------------------------------------------------

Summary of changes:
 buildtools/wafadmin/Tools/perl.py |   52 +++++++++++++++++++++++++++---------
 pidl/lib/wscript_build            |    4 +-
 python/samba/tests/dns.py         |   29 ++++++++++++++++++++
 script/autobuild.py               |    4 ++-
 source4/dns_server/dns_server.c   |    6 ++++
 5 files changed, 79 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildtools/wafadmin/Tools/perl.py b/buildtools/wafadmin/Tools/perl.py
index 8f13e28..0f34e79 100644
--- a/buildtools/wafadmin/Tools/perl.py
+++ b/buildtools/wafadmin/Tools/perl.py
@@ -98,27 +98,53 @@ def check_perl_ext_devel(conf):
 	conf.env.EXTUTILS_TYPEMAP  = read_out('print "$Config{privlib}/ExtUtils/typemap"')
 	conf.env.perlext_PATTERN   = '%s.' + read_out('print $Config{dlext}')[0]
 
-	if getattr(Options.options, 'perl_vendorarch_dir', None):
-		conf.env.PERL_VENDORARCH_DIR = Options.options.perl_vendorarch_dir
-	else:
-		conf.env.PERL_VENDORARCH_DIR = read_out('print $Config{vendorarch}')[0]
-
-	if getattr(Options.options, 'perl_vendorlib_dir', None):
-		conf.env.PERL_VENDORLIB_DIR = Options.options.perl_vendorlib_dir
-	else:
-		conf.env.PERL_VENDORLIB_DIR = read_out('print $Config{vendorlib}')[0]
+	def try_any(keys):
+		for k in keys:
+			conf.start_msg("Checking for perl $Config{%s}:" % k)
+			try:
+				v = read_out('print $Config{%s}' % k)[0]
+				conf.end_msg("'%s'" % (v), 'GREEN')
+				return v
+			except IndexError:
+				conf.end_msg(False, 'YELLOW')
+				pass
+		return None
+
+	perl_arch_install_dir = None
+	if getattr(Options.options, 'perl_arch_install_dir', None):
+		perl_arch_install_dir = Options.options.perl_arch_install_dir
+	if perl_arch_install_dir is None:
+		perl_arch_install_dir = try_any(['vendorarch', 'sitearch', 'archlib'])
+	if perl_arch_install_dir is None:
+		conf.fatal('No perl arch install directory autodetected.' +
+			   'Please define it with --with-perl-arch-install-dir.')
+	conf.start_msg("PERL_ARCH_INSTALL_DIR: ")
+	conf.end_msg("'%s'" % (perl_arch_install_dir), 'GREEN')
+	conf.env.PERL_ARCH_INSTALL_DIR = perl_arch_install_dir
+
+	perl_lib_install_dir = None
+	if getattr(Options.options, 'perl_lib_install_dir', None):
+		perl_lib_install_dir = Options.options.perl_lib_install_dir
+	if perl_lib_install_dir is None:
+		perl_lib_install_dir = try_any(['vendorlib', 'sitelib', 'privlib'])
+	if perl_lib_install_dir is None:
+		conf.fatal('No perl lib install directory autodetected. ' +
+			   'Please define it with --with-perl-lib-install-dir.')
+	conf.start_msg("PERL_LIB_INSTALL_DIR: ")
+	conf.end_msg("'%s'" % (perl_lib_install_dir), 'GREEN')
+	conf.env.PERL_LIB_INSTALL_DIR = perl_lib_install_dir
 
 def set_options(opt):
 	opt.add_option("--with-perl-binary", type="string", dest="perlbinary", help = 'Specify alternate perl binary', default=None)
 
-	opt.add_option("--with-perl-vendorarch",
+	opt.add_option("--with-perl-arch-install-dir",
 		       type="string",
-		       dest="perl_vendorarch_dir",
+		       dest="perl_arch_install_dir",
 		       help = ('Specify directory where to install arch specific files'),
 		       default=None)
 
-	opt.add_option("--with-perl-vendorlib",
+	opt.add_option("--with-perl-lib-install-dir",
 		       type="string",
-		       dest="perl_vendorlib_dir",
+		       dest="perl_lib_install_dir",
 		       help = ('Specify directory where to install vendor specific files'),
 		       default=None)
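Review bot: The first `conf.fatal` message joins 'No perl arch install directory autodetected.' and 'Please define it with --with-perl-arch-install-dir.' without a space, so the user sees `autodetected.Please`; the lib variant below has the space, so the first literal should end `autodetected. ' +`. In `try_any`, the `pass` after `conf.end_msg(False, 'YELLOW')` is redundant and can be dropped. The help text for `--with-perl-lib-install-dir` still says 'vendor specific files' although the option is no longer tied to vendorlib; something like `'Specify directory where to install arch independent files'` would match the new name. check_perl_ext_devel starts outside this hunk.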
diff --git a/pidl/lib/wscript_build b/pidl/lib/wscript_build
index 5023e07..54b3170 100644
--- a/pidl/lib/wscript_build
+++ b/pidl/lib/wscript_build
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 # install the pidl modules
-bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR,
+bld.INSTALL_FILES(bld.env.PERL_LIB_INSTALL_DIR,
                   '''
                   Parse/Pidl.pm
                   Parse/Pidl/Samba4.pm
@@ -32,6 +32,6 @@ bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR,
                   flat=False)
 
 if not bld.CONFIG_SET('USING_SYSTEM_PARSE_YAPP_DRIVER'):
-    bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR,
+    bld.INSTALL_FILES(bld.env.PERL_LIB_INSTALL_DIR,
                       'Parse/Yapp/Driver.pm',
                       flat=False)
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index f2c5685..79e4158 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -833,6 +833,35 @@ class TestInvalidQueries(DNSTest):
         self.assertEquals(response.answers[0].rdata,
                           os.getenv('SERVER_IP'))
 
+    def test_one_a_reply(self):
+        "send a reply instead of a query"
+
+        p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+        questions = []
+
+        name = "%s.%s" % ('fakefakefake', self.get_dns_domain())
+        q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN)
+        print "asking for ", q.name
+        questions.append(q)
+
+        self.finish_name_packet(p, questions)
+        p.operation |= dns.DNS_FLAG_REPLY
+        s = None
+        try:
+            send_packet = ndr.ndr_pack(p)
+            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+            host=os.getenv('SERVER_IP')
+            s.connect((host, 53))
+            tcp_packet = struct.pack('!H', len(send_packet))
+            tcp_packet += send_packet
+            s.send(tcp_packet, 0)
+            recv_packet = s.recv(0xffff + 2, 0)
+            self.assertEquals(0, len(recv_packet))
+        finally:
+            if s is not None:
+                s.close()
+
+
 if __name__ == "__main__":
     import unittest
     unittest.main()
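Review bot: `test_one_a_reply` sets no socket timeout, so if a regression leaves the server neither answering nor closing the connection, `s.recv` blocks and the run hangs instead of failing; add e.g. `s.settimeout(5)` (value illustrative) before `s.connect((host, 53))`. The test covers only TCP, while the commit message describes the circular-reply problem over UDP; a UDP counterpart that sends the same packet and asserts that no datagram comes back before the timeout would pin the path the fix is about. `s.send` may write fewer bytes than requested, so `s.sendall(tcp_packet)` is the safer call for the length-prefixed packet.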
diff --git a/script/autobuild.py b/script/autobuild.py
index cb822ff..76e777c 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -232,7 +232,9 @@ class builder(object):
         self.cmd = self.cmd.replace("${PYTHON_PREFIX}", get_python_lib(standard_lib=1, prefix=self.prefix))
         self.cmd = self.cmd.replace("${PREFIX}", "--prefix=%s" % self.prefix)
         self.cmd = self.cmd.replace("${PREFIX_DIR}", "%s" % self.prefix)
-        self.cmd = self.cmd.replace("${PERL_VENDOR_LIB}", "--with-perl-vendorlib=%s/share/perl5" % self.prefix)
+        perl_vendor_lib = "--with-perl-arch-install-dir=%s/share/perl5 " % self.prefix
+        perl_vendor_lib += "--with-perl-lib-install-dir=%s/lib/perl5" % self.prefix
+        self.cmd = self.cmd.replace("${PERL_VENDOR_LIB}", perl_vendor_lib)
 #        if self.output_mime_type == "text/x-subunit":
 #            self.cmd += " | %s --immediate" % (os.path.join(os.path.dirname(__file__), "selftest/format-subunit"))
         print '%s: [%s] Running %s' % (self.name, self.stage, self.cmd)
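Review bot: The two new directory suffixes look swapped relative to the old behaviour: the removed line passed `%s/share/perl5` for vendorlib, but now `--with-perl-lib-install-dir` gets `%s/lib/perl5` and `--with-perl-arch-install-dir` gets `%s/share/perl5`. Arch-specific files conventionally live under lib and arch-independent modules under share, so unless this is intentional the suffixes should be exchanged. The local name `perl_vendor_lib` now holds two options and no longer describes its content; a name such as `perl_install_dirs` would read better. The enclosing method starts and ends outside this hunk.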
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index 95a2db4..cd18c31 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -153,6 +153,12 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
+	if (state->in_packet.operation & DNS_FLAG_REPLY) {
+		DEBUG(1, ("Won't reply to replies.\n"));
+		tevent_req_werror(req, WERR_INVALID_PARAM);
+		return tevent_req_post(req, ev);
+	}
+
 	state->state.flags = state->in_packet.operation;
 	state->state.flags |= DNS_FLAG_REPLY;
 
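Review bot: The added `DEBUG(1, ("Won't reply to replies.\n"));` fires once per offending packet, and those packets come from unauthenticated senders (spoofable over UDP), so on servers running at log level 1 or above a stream of reply-flagged packets becomes a stream of log lines; a higher debug level for this message would avoid handing remote hosts a log-filling primitive. A short comment above the check would also help the next reader, e.g. `/* Never answer a packet with the reply bit set: over UDP a spoofed source could bounce replies between two servers (CVE-2014-0239). */`. Whether the caller drops the request silently on `WERR_INVALID_PARAM` or still sends an error response is not visible here, and the fix depends on the former. The body of dns_process_send continues outside this hunk.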


-- 
Samba Shared Repository

