diff options
| author | taca <taca@pkgsrc.org> | 2012-03-13 13:22:24 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2012-03-13 13:22:24 +0000 |
| commit | adfa5980a43e874cb663ae448a274200ebe86493 (patch) | |
| tree | 4a617b604462efe66742719b13f593d3d7f551d9 /net/samba33 | |
| parent | 2541bb289f2ccbc58dd4b64b66f84564d71f7ae3 (diff) | |
| download | pkgsrc-adfa5980a43e874cb663ae448a274200ebe86493.tar.gz | |
Add patch for CVE-2012-0870.
Bump PKGREVISION.
Diffstat (limited to 'net/samba33')
| -rw-r--r-- | net/samba33/Makefile | 4 | ||||
| -rw-r--r-- | net/samba33/distinfo | 3 | ||||
| -rw-r--r-- | net/samba33/patches/patch-smbd_process.c | 32 |
3 files changed, 36 insertions, 3 deletions
diff --git a/net/samba33/Makefile b/net/samba33/Makefile index b6e01840099..81b71b2c850 100644 --- a/net/samba33/Makefile +++ b/net/samba33/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.19 2012/02/06 12:41:17 wiz Exp $ +# $NetBSD: Makefile,v 1.20 2012/03/13 13:22:24 taca Exp $ .include "../../net/samba/Makefile.mirrors" DISTNAME= samba-${VERSION} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= net MASTER_SITES= ${SAMBA_MIRRORS:=old-versions/} diff --git a/net/samba33/distinfo b/net/samba33/distinfo index fcf98d85189..9605497a1b7 100644 --- a/net/samba33/distinfo +++ b/net/samba33/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.8 2011/08/02 14:06:20 taca Exp $ +$NetBSD: distinfo,v 1.9 2012/03/13 13:22:24 taca Exp $ SHA1 (samba-3.3.16.tar.gz) = bfb06f2cd88ba6c2fb9d25cabf3b22bf1a402f08 RMD160 (samba-3.3.16.tar.gz) = 30e181de0e5399503cad3e09f3dd172a0fc6a011 @@ -28,3 +28,4 @@ SHA1 (patch-av) = e3ebea3cf0a44fc43c8878c1563972ca2c2b60a9 SHA1 (patch-aw) = 8dafe1df0661ce8f662716804cf39516c2499add SHA1 (patch-ax) = 86ba06f64069a837b6422f5ea1d7b16bed7915b0 SHA1 (patch-lib_replace_test_os2__delete.c) = d4e14bdfb62b51465902f7090b1b2a6a44dc0060 +SHA1 (patch-smbd_process.c) = f12a4224a6a337ceaeac51843eb32c46a71aa7ca diff --git a/net/samba33/patches/patch-smbd_process.c b/net/samba33/patches/patch-smbd_process.c new file mode 100644 index 00000000000..4fc764f514b --- /dev/null +++ b/net/samba33/patches/patch-smbd_process.c @@ -0,0 +1,32 @@ +$NetBSD: patch-smbd_process.c,v 1.1 2012/03/13 13:22:24 taca Exp $ + +* Fix for CVE-2012-0870. + +--- smbd/process.c.orig 2011-07-24 19:09:38.000000000 +0000 ++++ smbd/process.c +@@ -1656,7 +1656,7 @@ void chain_reply(struct smb_request *req + int size = smb_len(req->inbuf)+4; + + int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0); +- unsigned smb_off2 = SVAL(inbuf,smb_vwv1); ++ static unsigned smb_off2; + char *inbuf2; + int outsize2; + int new_size; +@@ -1681,8 +1681,16 @@ void chain_reply(struct smb_request *req + /* this is the first part of the chain */ + orig_inbuf = inbuf; + orig_size = size; ++ smb_off2 = 0; + } + ++ if (SVAL(inbuf,smb_vwv1) <= smb_off2) { ++ DEBUG(1, ("AndX offset not increasing\n")); ++ SCVAL(outbuf, smb_vwv0, 0xFF); ++ return; ++ } ++ smb_off2 = SVAL(inbuf, smb_vwv1); ++ + /* Validate smb_off2 */ + if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) { + exit_server_cleanly("Bad chained packet"); |