Commit message | Author | Age | Files | Lines
* VERSION: Disable git snapshots for the 4.1.23 release. [samba-4.1.23] [v4-1-stable] | Karolin Seeger | 2016-02-24 | 1 | -1/+1
    Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.0.23. | Karolin Seeger | 2016-02-24 | 1 | -2/+85
    CVE-2015-7560 Getting and setting Windows ACLs on symlinks can change permissions on link target.
    CVE-2016-0771: Read of uninitialized memory DNS TXT handling
    Signed-off-by: Karolin Seeger <kseeger@samba.org>
* CVE-2016-0771: tests/dns: Remove dependencies on env variables | Garming Sam | 2016-02-24 | 1 | -34/+26
    Now that it is invoked as a normal script, there should be less of them.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest | Garming Sam | 2016-02-24 | 2 | -8/+56
    This makes it easier to invoke, particularly against Windows.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests: rename test getopt to get_opt | Garming Sam | 2016-02-24 | 2 | -1/+1
    This avoids any conflicts in this directory with the original toplevel getopt.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: RPC => DNS roundtrip test | Garming Sam | 2016-02-24 | 2 | -10/+187
    Make sure that TXT entries stored via RPC come out the same in DNS.
    This has one caveat in that adding over RPC in Windows eats slashes, and so fails there.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: dnsserver: don't force UTF-8 for TXT | Garming Sam | 2016-02-24 | 1 | -1/+1
    While using a charset is not entirely logical, it allows testing of non UTF-8 data (like inserting 0xFF into the TXT string).
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: modify tests to check via RPC | Garming Sam | 2016-02-24 | 1 | -106/+165
    This checks that TXT records added over DNS look the same over RPC.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: Add some more test cases for TXT records | Garming Sam | 2016-02-24 | 1 | -39/+71
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: Correct error code for formerly unrun test | Garming Sam | 2016-02-24 | 1 | -1/+1
    Both Samba and Windows returned NXRRSET
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: restore formerly segfaulting test | Garming Sam | 2016-02-24 | 1 | -26/+25
    This was on the client side, due to a strlen(NULL) on the previously DOS-encoded TXT field. With a new IDL structure, this segfault no longer exists.
    Note that both Samba and Windows return NXRRSET instead of FORMERR.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour | Garming Sam | 2016-02-24 | 1 | -1/+0
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: prepare script for further testing | Garming Sam | 2016-02-24 | 1 | -0/+5
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: Modify dns tests to match new IDL | Garming Sam | 2016-02-24 | 1 | -17/+20
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: dns.idl: make use of dnsp_hinfo | Stefan Metzmacher | 2016-02-24 | 1 | -8/+1
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record | Stefan Metzmacher | 2016-02-24 | 5 | -39/+43
    From RFC 1035:
        3.3.14. TXT RDATA format
            +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
            /                   TXT-DATA                    /
            +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
        where:
        TXT-DATA        One or more <character-string>s.
        TXT RRs are used to hold descriptive text. The semantics of the text
        depends on the domain where it is found.
    Each record contains an array of strings instead of just one string.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function | Stefan Metzmacher | 2016-02-24 | 2 | -0/+28
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library | Stefan Metzmacher | 2016-02-24 | 1 | -14/+4
    RPC_NDR_DNSSERVER is the client interface
    NDR_DNSP contains just marshalling helpers.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings | Stefan Metzmacher | 2016-02-24 | 3 | -5/+5
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test. | Jeremy Allison | 2016-02-24 | 3 | -1/+180
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test. | Jeremy Allison | 2016-02-24 | 3 | -1/+200
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests. | Jeremy Allison | 2016-02-24 | 2 | -0/+111
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames. | Jeremy Allison | 2016-02-24 | 3 | -19/+19
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+5
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+9
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication. | Jeremy Allison | 2016-02-24 | 1 | -8/+5
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+7
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+6
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+6
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+7
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+28
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Michael Adam <obnox@samba.org>
* VERSION: Bump version up to 4.1.23... | Karolin Seeger | 2016-02-24 | 1 | -2/+2
    and re-enable git snapshots.
    Signed-off-by: Karolin Seeger <kseeger@samba.org>
    (cherry picked from commit 08cff9ca228a3d7714768eb5727201895cd1dd41)
* VERSION: Disable git snapshots for the 4.1.22 release. [samba-4.1.22] | Karolin Seeger | 2015-12-10 | 1 | -1/+1
    Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.1.22. | Karolin Seeger | 2015-12-10 | 1 | -3/+159
    This is a security release to address CVE-2015-7540, CVE-2015-3223, CVE-2015-5252, CVE-2015-5299, CVE-2015-5296, CVE-2015-8467, CVE-2015-5330.
    Signed-off-by: Karolin Seeger <kseeger@samba.org>
* CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl | Andrew Bartlett | 2015-12-10 | 1 | -2/+22
    Swapping between account types is now restricted
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session | Stefan Metzmacher | 2015-12-10 | 1 | -0/+11
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal() | Stefan Metzmacher | 2015-12-10 | 1 | -3/+12
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect() | Stefan Metzmacher | 2015-12-10 | 1 | -1/+6
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir | Jeremy Allison | 2015-12-10 | 1 | -0/+45
    Fix originally from <partha@exablox.com>
    https://bugzilla.samba.org/show_bug.cgi?id=11529
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: David Disseldorp <ddiss@samba.org>
* CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share). | Jeremy Allison | 2015-12-10 | 1 | -3/+10
    Ensure matching component ends in '/' or '\0'.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Volker Lendecke <vl@samba.org>
* CVE-2015-7540: lib: util: Check *every* asn1 return call and early return. | Jeremy Allison | 2015-12-10 | 1 | -61/+45
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=9187
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
    Autobuild-User(master): Jeremy Allison <jra@samba.org>
    Autobuild-Date(master): Fri Sep 19 01:29:00 CEST 2014 on sn-devel-104
    (cherry picked from commit b9d3fd4cc551df78a7b066ee8ce43bbaa3ff994a)
* CVE-2015-7540: s4: libcli: ldap message - Ensure all asn1_XX returns are checked. | Jeremy Allison | 2015-12-10 | 3 | -395/+401
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=9187
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
    Autobuild-User(master): Jeremy Allison <jra@samba.org>
    Autobuild-Date(master): Fri Sep 26 03:15:00 CEST 2014 on sn-devel-104
    (cherry picked from commit 69a7e3cfdc8dbba9c8dcfdfae82d2894c7247e15)
* ldb: bump version of the required system ldb to 1.1.24 | Ralph Boehme | 2015-12-09 | 2 | -3/+4
    This is needed to ensure we build against a system ldb library that contains the fixes for CVE-2015-5330 and CVE-2015-3223.
    autobuild must still be able to build against the older version 1.1.17 including the patches.
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11325
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11636
    Signed-off-by: Ralph Boehme <slow@samba.org>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators | Douglas Bagnall | 2015-12-09 | 1 | -2/+7
    That is, memdup(), not strdup(). The terminators might not be there.
    But, we have to make sure we put the terminator on, because we tend to assume the terminator is there in other places.
    Use talloc_set_name_const() on the resulting chunk so talloc_report() remains unchanged.
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
    Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
    Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
    Pair-programmed-with: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes | Douglas Bagnall | 2015-12-09 | 1 | -1/+4
    UTF16 contains zero bytes when it is encoding ASCII (for example), so we can't assume the absence of the 0x80 bit means a one byte encoding. No current callers use UTF16.
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: strupper_talloc_n_handle(): properly count characters | Douglas Bagnall | 2015-12-09 | 1 | -1/+2
    When a codepoint eats more than one byte we really want to know, especially if the string is not NUL terminated.
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: Fix handling of unicode near string endings | Douglas Bagnall | 2015-12-09 | 4 | -14/+25
    Until now next_codepoint_ext() and next_codepoint_handle_ext() were using strnlen(str, 5) to determine how much string they should try to decode. This ended up looking past the end of the string when it was not null terminated and the final character looked like a multi-byte encoding. The fix is to let the caller say how long the string can be.
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen() | Douglas Bagnall | 2015-12-09 | 1 | -4/+8
    ldb_dn_escape_internal() reports the number of bytes it copied, so let's use that number, rather than using strlen() and hoping a zero got in the right place.
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() | Douglas Bagnall | 2015-12-09 | 1 | -28/+18
    Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy).
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
    Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
    Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search. | Jeremy Allison | 2015-12-09 | 1 | -4/+13
    Values might have embedded zeros.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325
    Signed-off-by: Jeremy Allison <jra@samba.org>
    Reviewed-by: Ralph Boehme <slow@samba.org>