Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
|
These tables really should be auto-generated at some point...
Guenther
(cherry picked from commit aa84ca6e6ba66536ca32dc5792d27e2169589a14)
(cherry picked from commit 35d03a151606f2971b171370af19fd227748213f)
|
Guenther
(cherry picked from commit e7a8577df1e92982ff717a62280f86e3b0384d54)
(cherry picked from commit 14734deb6aacb592af5ddbbc93397ea79fe0d9bc)
|
Guenther
(cherry picked from commit 43eb50655e71e5f407ffbd7069cc2d45a3b478b6)
(cherry picked from commit 21eee66cd83db85701aafa4db898f85e1d941ec8)
|
Patch initially from: Danny Tylman <danny.tylman@insightix.com>
Guenther
(cherry picked from commit cc98d3ae9f5c1aa29a6ccda2f88351431849e9fd)
(cherry picked from commit f29abd83d8bc7f7eee965fb7b812095f64c01f82)
|
Guenther
(cherry picked from commit 5603c0f2ba9d5b90e5f8b71e779ec037053f04f8)
(cherry picked from commit a7c80bb70e0153568bc26c0dac044458d47dae0a)
|
Guenther
|
metze
|
metze
|
a goto destination can be specified as a second parameter.
Michael
|
Michael
|
Guenther
|
As they can be static there, we pass the specific handlers as parameter
where we need to support controls.
metze
|
metze
|
metze
|
metze
|
metze
|
Guenther
|
- Adds a few new BRL tests to RAW-LOCK
- Adds a "win7" target to allow torture to handle protocol changes in
windows 7
|
metze
|
Move the last part of nbt_name_socket_recv() into
a new function nbt_name_socket_handle_response_packet()
so that it can be reused by an unexpected handler.
metze
(from samba4wins tree cb0377f3b95e50c84fac999a49dde80acc933124)
|
metze
(from samba4wins tree 74232901d1e7ea9ebcb3bd8d584dda36fac37223)
|
If the client gets a WACK response, the server
sends a timeout to the client. Possible
values are between 9 and 105 seconds.
Because w2k3 servers have a bug and always return
a value of 5 seconds, we need a workaround.
Always using a fixed value of 30 seconds is bad
as we could time out too early.
Now we use the value from the server if it's in the
valid range and otherwise we use the upper limit
of the valid range (105s).
metze
(from samba4wins tree 40ef7739f4141598a6392c203e4a2d52d972fe06)
|
This reverts commit ee7c2170a79f1ca9e2ad1a209d342d8fd287ec8d.
A much more correct fix will come soon.
(40ef7739f4141598a6392c203e4a2d52d972fe06 from the samba4wins tree)
metze
|
since this will not be shipped with talloc/tdb/tevent/etc.
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
    o=`echo $s | cut -d ':' -f1`
    n=`echo $s | cut -d ':' -f2`
    r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
    files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
    for f in $files; do
        cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
        mv $f.tmp $f
    done
done
metze
|
Michael
|
Guenther
|
Guenther
|
Guenther
|
global variable instead.
|
When libcli-util was moved to the top level
(3be0f6ea56ed8e43cd287ed020e942efb675b87b) it introduced a build
warning. Since ndr_map_error2ntstatus depends on the definition of
enum ndr_err_code and libndr.h can't be easily included in error.h, I
moved the definition of enum ndr_err_code to libndr.h.
This also eliminates the need for the duplicate definition in proto.h
|