[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Mon May 26 06:55:03 MDT 2014
The branch, v4-0-test has been updated
via 97a3274 bug #10609: CVE-2014-0239 Don't reply to replies
via d4b0b74 pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR
via d6043d6 script/autobuild: make use of --with-perl-{arch,lib}-install-dir
via 0e430f8 wafsamba: Fail with error message if perl doesn't provide valid dirs.
via 86830d9 wafsamba: If perl can't provide defaults, define them.
from 39ae6a7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit 97a32749b4c567890a92de97aaf8b85d5ec0134b
Author: Kai Blin <kai at samba.org>
Date: Tue May 13 08:13:29 2014 +0200
bug #10609: CVE-2014-0239 Don't reply to replies
Due to insufficient input checking, the DNS server will reply to a packet that
has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed
sender address and have two servers DOS each other with circular replies.
This patch fixes bug #10609 and adds a test to make sure we don't regress.
CVE-2014-2039 has been assigned to this issue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609
Signed-off-by: Kai Blin <kai at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Kai Blin <kai at samba.org>
Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104
(cherry picked from commit 392ec4d241eb19c812cd49ff73bd32b2b09d8533)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Mon May 26 14:54:32 CEST 2014 on sn-devel-104
commit d4b0b741427e6d5ec9626f26eff4068399d8f771
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 9 11:49:10 2014 +0200
pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sat May 10 01:37:33 CEST 2014 on sn-devel-104
(cherry picked from commit cf75ef9f73f2cdbf2a039bbc9468f5da6a14834e)
commit d6043d62521391cf9c1d5b0f7f11618c6c3b46fb
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 9 11:48:26 2014 +0200
script/autobuild: make use of --with-perl-{arch,lib}-install-dir
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d18ee9e4b6f4c9a24b555c111e08396012c1755a)
commit 0e430f836f34a2dd7976bc46c37fbfe4d320395d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri May 9 09:42:23 2014 +0200
wafsamba: Fail with error message if perl doesn't provide valid dirs.
We try harder to get valid directories, we now fallback like this:
vendorarch => sitearch => archlib
and
vendorlib => sitelib => privlib
The new options are --with-perl-arch-install-dir and
--with-perl-lib-install-dir.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 2637890ef42a238093f0f3cbdda0d621d5f9b2e2)
commit 86830d9c31a3bc0856fe12859bb13be56077db2b
Author: Andreas Schneider <asn at samba.org>
Date: Tue Apr 15 10:24:24 2014 +0200
wafsamba: If perl can't provide defaults, define them.
This should fix the installation on FreeBSD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May 8 13:55:50 CEST 2014 on sn-devel-104
(cherry picked from commit 0ba276ebad57d75a769e22414f94acbe8c177d97)
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafadmin/Tools/perl.py | 52 +++++++++++++++++++++++++++---------
pidl/lib/wscript_build | 4 +-
python/samba/tests/dns.py | 29 ++++++++++++++++++++
script/autobuild.py | 4 ++-
source4/dns_server/dns_server.c | 6 ++++
5 files changed, 79 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafadmin/Tools/perl.py b/buildtools/wafadmin/Tools/perl.py
index 8f13e28..0f34e79 100644
--- a/buildtools/wafadmin/Tools/perl.py
+++ b/buildtools/wafadmin/Tools/perl.py
@@ -98,27 +98,53 @@ def check_perl_ext_devel(conf):
conf.env.EXTUTILS_TYPEMAP = read_out('print "$Config{privlib}/ExtUtils/typemap"')
conf.env.perlext_PATTERN = '%s.' + read_out('print $Config{dlext}')[0]
- if getattr(Options.options, 'perl_vendorarch_dir', None):
- conf.env.PERL_VENDORARCH_DIR = Options.options.perl_vendorarch_dir
- else:
- conf.env.PERL_VENDORARCH_DIR = read_out('print $Config{vendorarch}')[0]
-
- if getattr(Options.options, 'perl_vendorlib_dir', None):
- conf.env.PERL_VENDORLIB_DIR = Options.options.perl_vendorlib_dir
- else:
- conf.env.PERL_VENDORLIB_DIR = read_out('print $Config{vendorlib}')[0]
+ def try_any(keys):
+ for k in keys:
+ conf.start_msg("Checking for perl $Config{%s}:" % k)
+ try:
+ v = read_out('print $Config{%s}' % k)[0]
+ conf.end_msg("'%s'" % (v), 'GREEN')
+ return v
+ except IndexError:
+ conf.end_msg(False, 'YELLOW')
+ pass
+ return None
+
+ perl_arch_install_dir = None
+ if getattr(Options.options, 'perl_arch_install_dir', None):
+ perl_arch_install_dir = Options.options.perl_arch_install_dir
+ if perl_arch_install_dir is None:
+ perl_arch_install_dir = try_any(['vendorarch', 'sitearch', 'archlib'])
+ if perl_arch_install_dir is None:
+ conf.fatal('No perl arch install directory autodetected.' +
+ 'Please define it with --with-perl-arch-install-dir.')
+ conf.start_msg("PERL_ARCH_INSTALL_DIR: ")
+ conf.end_msg("'%s'" % (perl_arch_install_dir), 'GREEN')
+ conf.env.PERL_ARCH_INSTALL_DIR = perl_arch_install_dir
+
+ perl_lib_install_dir = None
+ if getattr(Options.options, 'perl_lib_install_dir', None):
+ perl_lib_install_dir = Options.options.perl_lib_install_dir
+ if perl_lib_install_dir is None:
+ perl_lib_install_dir = try_any(['vendorlib', 'sitelib', 'privlib'])
+ if perl_lib_install_dir is None:
+ conf.fatal('No perl lib install directory autodetected. ' +
+ 'Please define it with --with-perl-lib-install-dir.')
+ conf.start_msg("PERL_LIB_INSTALL_DIR: ")
+ conf.end_msg("'%s'" % (perl_lib_install_dir), 'GREEN')
+ conf.env.PERL_LIB_INSTALL_DIR = perl_lib_install_dir
def set_options(opt):
opt.add_option("--with-perl-binary", type="string", dest="perlbinary", help = 'Specify alternate perl binary', default=None)
- opt.add_option("--with-perl-vendorarch",
+ opt.add_option("--with-perl-arch-install-dir",
type="string",
- dest="perl_vendorarch_dir",
+ dest="perl_arch_install_dir",
help = ('Specify directory where to install arch specific files'),
default=None)
- opt.add_option("--with-perl-vendorlib",
+ opt.add_option("--with-perl-lib-install-dir",
type="string",
- dest="perl_vendorlib_dir",
+ dest="perl_lib_install_dir",
help = ('Specify directory where to install vendor specific files'),
default=None)
diff --git a/pidl/lib/wscript_build b/pidl/lib/wscript_build
index 5023e07..54b3170 100644
--- a/pidl/lib/wscript_build
+++ b/pidl/lib/wscript_build
@@ -1,7 +1,7 @@
#!/usr/bin/env python
# install the pidl modules
-bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR,
+bld.INSTALL_FILES(bld.env.PERL_LIB_INSTALL_DIR,
'''
Parse/Pidl.pm
Parse/Pidl/Samba4.pm
@@ -32,6 +32,6 @@ bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR,
flat=False)
if not bld.CONFIG_SET('USING_SYSTEM_PARSE_YAPP_DRIVER'):
- bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR,
+ bld.INSTALL_FILES(bld.env.PERL_LIB_INSTALL_DIR,
'Parse/Yapp/Driver.pm',
flat=False)
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index f2c5685..79e4158 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -833,6 +833,35 @@ class TestInvalidQueries(DNSTest):
self.assertEquals(response.answers[0].rdata,
os.getenv('SERVER_IP'))
+ def test_one_a_reply(self):
+ "send a reply instead of a query"
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ name = "%s.%s" % ('fakefakefake', self.get_dns_domain())
+ q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN)
+ print "asking for ", q.name
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ p.operation |= dns.DNS_FLAG_REPLY
+ s = None
+ try:
+ send_packet = ndr.ndr_pack(p)
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+ host=os.getenv('SERVER_IP')
+ s.connect((host, 53))
+ tcp_packet = struct.pack('!H', len(send_packet))
+ tcp_packet += send_packet
+ s.send(tcp_packet, 0)
+ recv_packet = s.recv(0xffff + 2, 0)
+ self.assertEquals(0, len(recv_packet))
+ finally:
+ if s is not None:
+ s.close()
+
+
if __name__ == "__main__":
import unittest
unittest.main()
diff --git a/script/autobuild.py b/script/autobuild.py
index cb822ff..76e777c 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -232,7 +232,9 @@ class builder(object):
self.cmd = self.cmd.replace("${PYTHON_PREFIX}", get_python_lib(standard_lib=1, prefix=self.prefix))
self.cmd = self.cmd.replace("${PREFIX}", "--prefix=%s" % self.prefix)
self.cmd = self.cmd.replace("${PREFIX_DIR}", "%s" % self.prefix)
- self.cmd = self.cmd.replace("${PERL_VENDOR_LIB}", "--with-perl-vendorlib=%s/share/perl5" % self.prefix)
+ perl_vendor_lib = "--with-perl-arch-install-dir=%s/share/perl5 " % self.prefix
+ perl_vendor_lib += "--with-perl-lib-install-dir=%s/lib/perl5" % self.prefix
+ self.cmd = self.cmd.replace("${PERL_VENDOR_LIB}", perl_vendor_lib)
# if self.output_mime_type == "text/x-subunit":
# self.cmd += " | %s --immediate" % (os.path.join(os.path.dirname(__file__), "selftest/format-subunit"))
print '%s: [%s] Running %s' % (self.name, self.stage, self.cmd)
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index 95a2db4..cd18c31 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -153,6 +153,12 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
+ if (state->in_packet.operation & DNS_FLAG_REPLY) {
+ DEBUG(1, ("Won't reply to replies.\n"));
+ tevent_req_werror(req, WERR_INVALID_PARAM);
+ return tevent_req_post(req, ev);
+ }
+
state->state.flags = state->in_packet.operation;
state->state.flags |= DNS_FLAG_REPLY;
--
Samba Shared Repository
More information about the samba-cvs
mailing list