author | vorlon <vorlon@alioth.debian.org> | 2007-11-25 01:21:30 +0000 |
---|---|---|
committer | vorlon <vorlon@alioth.debian.org> | 2007-11-25 01:21:30 +0000 |
commit | c2cdf1b6924a607a08d26c4c0826f7c4dddf0ec2 (patch) | |
tree | cfb6ea20a89e7141dc7b6e112e0c5a678005fb71 | |
parent | 8eef70533804fc17cbd32c1768934391a05a1254 (diff) | |
download | samba-debian/3.0.24-6etch7.tar.gz |
Fix for one final regression related to the fix for CVE-2007-4572, pulled
from upstream. Thanks to Santiago Garcia Mantinan <manty@debian.org> for
catching this.
git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/etch@1605 fc4039ab-9d04-0410-8cac-899223bdd6b0
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | debian/patches/security-CVE-2007-4572_part2.patch | 17 |
2 files changed, 25 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 222c60a1e2..a530289920 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+samba (3.0.24-6etch7) stable-security; urgency=low
+
+ * Fix for one final regression related to the fix for CVE-2007-4572,
+ pulled from upstream. Thanks to Santiago Garcia Mantinan
+ <manty@debian.org> for catching this.
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 24 Nov 2007 02:17:06 -0800
+
 samba (3.0.24-6etch6) stable-security; urgency=high
 * debian/patches/security-CVE-2007-4572_part2.patch: fix a regression
diff --git a/debian/patches/security-CVE-2007-4572_part2.patch b/debian/patches/security-CVE-2007-4572_part2.patch
index 62ff142fc9..67c5385b66 100644
--- a/debian/patches/security-CVE-2007-4572_part2.patch
+++ b/debian/patches/security-CVE-2007-4572_part2.patch
@@ -238,3 +238,20 @@ Index: samba-3.0.24/source/smbd/trans2.c
 pdata += len;
 data_size = PTR_DIFF(pdata,(*ppdata));
+diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
+index 05a5962..058faed 100644
+--- a/source/smbd/sesssetup.c
++++ b/source/smbd/sesssetup.c
+@@ -68,9 +68,9 @@ static int add_signature(char *outbuf, char *p)
+
+ fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
+
+- p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE);
+- p += srvstr_push(outbuf, p, lanman, -1, STR_TERMINATE);
+- p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE);
++ p += srvstr_push(outbuf, p, "Unix", BUFFER_SIZE - (p - outbuf), STR_TERMINATE);
++ p += srvstr_push(outbuf, p, lanman, BUFFER_SIZE - (p - outbuf), STR_TERMINATE);
++ p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE - (p - outbuf), STR_TERMINATE);
+
+ return PTR_DIFF(p, start);
+ } |
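Review bot: The new bound `BUFFER_SIZE - (p - outbuf)` in the three srvstr_push() calls of add_signature() is never checked for being zero or negative, and the lines it replaces passed `-1` in that same argument, which suggests a negative length may be read as "no limit" (srvstr_push is not visible here, so this needs confirming). If `p` can already sit at or past `outbuf + BUFFER_SIZE`, the calls would fall back to the unbounded behaviour this fix is meant to remove; a guard before each call such as `if (PTR_DIFF(p, outbuf) >= BUFFER_SIZE) return PTR_DIFF(p, start);` closes that. The bound also relies on every caller passing an `outbuf` of at least BUFFER_SIZE bytes, which the `(char *outbuf, char *p)` signature cannot enforce, so a comment stating that precondition belongs above the calls. add_signature() begins above the embedded hunk, so the declarations of `start` and `lanman` are not visible.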