diff --git a/samba-3.4.5-cifs_upcall.patch b/samba-3.4.5-cifs_upcall.patch
new file mode 100644
index 0000000..7cbc0e0
--- /dev/null
+++ b/samba-3.4.5-cifs_upcall.patch
@@ -0,0 +1,61 @@
+From efc2e996e3348392f1fd5c0ec7feae4f869fb8f9 Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Tue, 16 Feb 2010 09:16:42 -0500
+Subject: [PATCH] cifs.upcall: allocate a talloc context for smb_krb5_unparse_name
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cifs.upcall calls smb_krb5_unparse_name with a NULL talloc context.
+Older versions of this function though will conditionally use
+SMB_REALLOC instead of TALLOC_REALLOC when a NULL context is passed
+in. To make it more consistent, just spawn a talloc context that
+we can pass into this function.
+
+Resolves:
+https://bugzilla.redhat.com/show_bug.cgi?id=565446
+https://bugzilla.samba.org/show_bug.cgi?id=6868
+
+Reported-by: Ludek Finstrle
+Signed-off-by: Jeff Layton
+Signed-off-by: Günther Deschner
+(cherry picked from commit a8cc2fa09ed43a167f62711bef363a5ac335dc78)
+---
+ source3/client/cifs.upcall.c | 5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c
+index 1617e0e..d573e76 100644
+--- a/source3/client/cifs.upcall.c
++++ b/source3/client/cifs.upcall.c
+@@ -55,6 +55,7 @@ get_tgt_time(const char *ccname) {
+ krb5_principal principal;
+ time_t credtime = 0;
+ char *realm = NULL;
++ TALLOC_CTX *mem_ctx;
+ 
+ if (krb5_init_context(&context)) {
+ syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__);
+@@ -86,9 +87,10 @@ get_tgt_time(const char *ccname) {
+ goto err_ccstart;
+ }
+ 
++ mem_ctx = talloc_init("cifs.upcall");
+ while (!credtime && !krb5_cc_next_cred(context, ccache, &cur, &creds)) {
+ char *name;
+- if (smb_krb5_unparse_name(NULL, context, creds.server, &name)) {
++ if (smb_krb5_unparse_name(mem_ctx, context, creds.server, &name)) {
+ syslog(LOG_DEBUG, "%s: unable to unparse name", __func__);
+ goto err_endseq;
+ }
+@@ -101,6 +103,7 @@ get_tgt_time(const char *ccname) {
+ TALLOC_FREE(name);
+ }
+ err_endseq:
++ TALLOC_FREE(mem_ctx);
+ 
krb5_cc_end_seq_get(context, ccache, &cur);
+ err_ccstart:
+ krb5_free_principal(context, principal);
+--
+1.6.6
+
diff --git a/samba.spec b/samba.spec
index e367bec..0884ef8 100644
--- a/samba.spec
+++ b/samba.spec
@@ -1,4 +1,4 @@
-%define main_release 55
+%define main_release 56
 %define samba_version 3.4.5
 %define tdb_version 1.1.3
 %define talloc_version 1.3.0
@@ -47,6 +47,7 @@ Patch107: samba-3.2.0pre1-grouppwd.patch
 Patch200: samba-3.2.5-inotify.patch
 Patch201: samba-3.4.5-pdbedit.patch
 Patch202: samba-3.4.5-CVE-2009-3297-mount_cifs.patch
+Patch203: samba-3.4.5-cifs_upcall.patch
 Requires(pre): samba-common = %{epoch}:%{samba_version}-%{release}
 Requires: pam >= 0:0.64
@@ -206,6 +207,7 @@ cp %{SOURCE11} packaging/Fedora/
 %patch200 -p0 -b .inotify
 %patch201 -p1 -b .pdbedit
 %patch202 -p1 -b .CVE-2009-3297-mount_cifs
+%patch203 -p1 -b .cifs_upcall
 mv %samba_source/VERSION %samba_source/VERSION.orig
 sed -e 's/SAMBA_VERSION_VENDOR_SUFFIX=$/&\"%{samba_release}\"/' < %samba_source/VERSION.orig > %samba_source/VERSION
@@ -658,6 +660,10 @@ exit 0
 %{_datadir}/pixmaps/samba/logo-small.png
 %changelog
+* Wed Feb 17 2010 Guenther Deschner - 3.4.5-56
+- Fix crash in cifs.upcall
+- resolves: #565446
+
 * Wed Jan 26 2010 Guenther Deschner - 3.4.5-55
 - Security Release, fixes CVE-2009-3297
 - resolves: #532940
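Review bot: The result of `talloc_init("cifs.upcall")` in the nested `@@ -86,9 +87,10 @@` hunk of the added patch is never checked, so on allocation failure `mem_ctx` is NULL and `smb_krb5_unparse_name` is called with exactly the NULL context the commit message says this change is meant to eliminate, bringing back the SMB_REALLOC/TALLOC_FREE mismatch it describes. A guard directly after the call, `if (!mem_ctx) { syslog(LOG_DEBUG, "%s: unable to init talloc context", __func__); goto err_endseq; }`, routes the failure through the existing cleanup, since `err_endseq` already does `TALLOC_FREE(mem_ctx)` (safe on a NULL pointer) before `krb5_cc_end_seq_get`. Whether any `goto err_endseq` can be reached before `mem_ctx` is assigned is not visible in the hunks; if one exists, the declaration in the `@@ -55,6 +55,7 @@` hunk should be `TALLOC_CTX *mem_ctx = NULL;` so the new `TALLOC_FREE(mem_ctx)` never reads an indeterminate pointer. The enclosing function `get_tgt_time` both starts and ends outside the hunks shown.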