[SCM] Samba Shared Repository - branch v4-9-test updated

Karolin Seeger kseeger at samba.org
Tue Apr 2 13:45:05 UTC 2019 

The branch, v4-9-test has been updated
       via  d59cefc8c3b libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response
       via  9c52fdc1871 s3:lib: Fix the debug message for adding cache entries.
      from  5b7161153d0 s3:waf: Fix the detection of makdev() macro on Linux

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test


- Log -----------------------------------------------------------------
commit d59cefc8c3bf025c454193f501bd18b8786ac737
Author: Philipp Gesang <philipp.gesang at intra2net.com>
Date:   Thu Feb 14 10:17:28 2019 +0100

    libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response
    
    Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES
    structures containing DataLength field that includes the padding
    [0]. Microsoft has since clarified that only values smaller than
    the size are considered invalid [1].
    
    While parsing the NegotiateContext it is ensured that DataLength
    does not exceed the message bounds. Also, the value is not
    actually used anywhere outside the validation. Thus values
    greater than the actual data size are safe to use. This patch
    makes Samba fail only on values that are too small for the (fixed
    size) payload.
    
    [0] https://lists.samba.org/archive/samba/2019-February/221139.html
    [1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869
    
    Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
    Reviewed-by: Ralph Böhme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144
    
    (cherry picked from commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864)
    
    Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-9-test): Tue Apr  2 13:44:38 UTC 2019 on sn-devel-144

commit 9c52fdc18713e6d9c1c871eaf18c3fbf3b2a53cd
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jan 17 13:58:14 2019 +0100

    s3:lib: Fix the debug message for adding cache entries.
    
    To get correct values, we need to cast 'timeout' to 'long int' first in
    order to do calculation in that integer space! Calculations are don in
    the space of the lvalue!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 5822449a7340f53987ce4c04851652427f5b49e8)

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smbXcli_base.c | 2 +-
 source3/lib/gencache.c    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index a237bf17d0a..a8c73be445a 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5064,7 +5064,7 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
 			return;
 		}
 
-		if (cipher->data.length != (2 + 2 * cipher_count)) {
+		if (cipher->data.length < (2 + 2 * cipher_count)) {
 			tevent_req_nterror(req,
 					NT_STATUS_INVALID_NETWORK_RESPONSE);
 			return;
diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c
index ab12fc1c531..9f4e1cfcaa3 100644
--- a/source3/lib/gencache.c
+++ b/source3/lib/gencache.c
@@ -294,11 +294,11 @@ bool gencache_set_data_blob(const char *keystr, DATA_BLOB blob,
 	dbufs[0] = (TDB_DATA) { .dptr = (uint8_t *)hdr, .dsize = hdr_len };
 	dbufs[1] = (TDB_DATA) { .dptr = blob.data, .dsize = blob.length };
 
-	DEBUG(10, ("Adding cache entry with key=[%s] and timeout="
-	           "[%s] (%d seconds %s)\n", keystr,
+	DBG_DEBUG("Adding cache entry with key=[%s] and timeout="
+	           "[%s] (%ld seconds %s)\n", keystr,
 		   timestring(talloc_tos(), timeout),
-		   (int)(timeout - time(NULL)), 
-		   timeout > time(NULL) ? "ahead" : "in the past"));
+		   ((long int)timeout) - time(NULL),
+		   timeout > time(NULL) ? "ahead" : "in the past");
 
 	ret = tdb_storev(cache_notrans->tdb, string_term_tdb_data(keystr),
 			 dbufs, 2, 0);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list