[SCM] Samba Shared Repository - branch v4-9-test updated
Karolin Seeger
kseeger at samba.org
Tue Apr 2 13:45:05 UTC 2019
The branch, v4-9-test has been updated
via d59cefc8c3b libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response
via 9c52fdc1871 s3:lib: Fix the debug message for adding cache entries.
from 5b7161153d0 s3:waf: Fix the detection of makdev() macro on Linux
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test
- Log -----------------------------------------------------------------
commit d59cefc8c3bf025c454193f501bd18b8786ac737
Author: Philipp Gesang <philipp.gesang at intra2net.com>
Date: Thu Feb 14 10:17:28 2019 +0100
libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response
Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES
structures containing DataLength field that includes the padding
[0]. Microsoft has since clarified that only values smaller than
the size are considered invalid [1].
While parsing the NegotiateContext it is ensured that DataLength
does not exceed the message bounds. Also, the value is not
actually used anywhere outside the validation. Thus values
greater than the actual data size are safe to use. This patch
makes Samba fail only on values that are too small for the (fixed
size) payload.
[0] https://lists.samba.org/archive/samba/2019-February/221139.html
[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869
Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144
(cherry picked from commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Apr 2 13:44:38 UTC 2019 on sn-devel-144
commit 9c52fdc18713e6d9c1c871eaf18c3fbf3b2a53cd
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jan 17 13:58:14 2019 +0100
s3:lib: Fix the debug message for adding cache entries.
To get correct values, we need to cast 'timeout' to 'long int' first in
order to do calculation in that integer space! Calculations are don in
the space of the lvalue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5822449a7340f53987ce4c04851652427f5b49e8)
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smbXcli_base.c | 2 +-
source3/lib/gencache.c | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index a237bf17d0a..a8c73be445a 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5064,7 +5064,7 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
return;
}
- if (cipher->data.length != (2 + 2 * cipher_count)) {
+ if (cipher->data.length < (2 + 2 * cipher_count)) {
tevent_req_nterror(req,
NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c
index ab12fc1c531..9f4e1cfcaa3 100644
--- a/source3/lib/gencache.c
+++ b/source3/lib/gencache.c
@@ -294,11 +294,11 @@ bool gencache_set_data_blob(const char *keystr, DATA_BLOB blob,
dbufs[0] = (TDB_DATA) { .dptr = (uint8_t *)hdr, .dsize = hdr_len };
dbufs[1] = (TDB_DATA) { .dptr = blob.data, .dsize = blob.length };
- DEBUG(10, ("Adding cache entry with key=[%s] and timeout="
- "[%s] (%d seconds %s)\n", keystr,
+ DBG_DEBUG("Adding cache entry with key=[%s] and timeout="
+ "[%s] (%ld seconds %s)\n", keystr,
timestring(talloc_tos(), timeout),
- (int)(timeout - time(NULL)),
- timeout > time(NULL) ? "ahead" : "in the past"));
+ ((long int)timeout) - time(NULL),
+ timeout > time(NULL) ? "ahead" : "in the past");
ret = tdb_storev(cache_notrans->tdb, string_term_tdb_data(keystr),
dbufs, 2, 0);
--
Samba Shared Repository
More information about the samba-cvs
mailing list