| Commit message | Author | Age | Files | Lines |
CVE-2012-2111
Karolin
metze
The last 12 patches address bug #8815 (PIDL based autogenerated code allows
overwriting beyond of allocated array; CVE-2012-1182).
Karolin
(cherry picked from commit 4573fbed636e114d21f6efbb3204ae09dfc9c0c2)
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
(cherry picked from commit d3b4d75364210e2d2a4a1cd806f28b0021f22909)
Fix bug #8362 (build issue on old glibc systems).
(cherry picked from commit 87fa72a5202fe3780d4a61289bf755027cd078f4)
(cherry picked from commit 552ccc6588b0744ae9b3731b1406749baea03d5a)
(cherry picked from commit b941edf9c20bd6a92aec2a62be5b830db1194ce8)
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
(cherry picked from commit ac5d8c0148e10a3a0af9e1dc0849bb6920c26ad7)
(bug #8276)
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open)
(commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the behavior,
so that we skipped some sockets.
This should work for v3-4-test.
metze
(cherry picked from commit 11b4dec29c9306531e73d5f4c12f89934dd538b4)
Since the fix for bso#7836, the parent smbd is responsible for
maintaining an up-to-date printcap cache. It does this by forking a
child process to asynchronously fetch printcap data from CUPS.
When the child process exits after fetching all printcap data, the
parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which
looks for the exited process PID on a "children" list.
Child smbd process PIDs are added to the "children" list to ensure
cleanup on unclean shutdown and log level change notification messages.
Printcap update process PIDs are not added to the list as they do not
maintain any state that requires cleanup, nor do they wait on tevent for
messages.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104
(cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c)
Fix bug #8269 (smbd spams log with "Could not find child X -- ignoring"
messages).
(cherry picked from commit ba118ac287d49267dd2f346d4ddd2e590ebbe653)
(cherry picked from commit c943af7ff13c64343e5246b27a7416627bffd365)
(cherry picked from commit 9a172dcd2e7bf91d78885325bce7a19e937b48af)
There is currently a lot of duplicate code included for processing
responses to CUPS_GET_PRINTERS and CUPS_GET_CLASSES requests. This
change splits this code into a separate function.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit a3635edc96e481f1125db1c26e33cae5b22a01a4)
Use printcap IDL for marshalling and unmarshalling messages between cups
child and parent smbd processes. This simplifies the IPC and ensures
the parent is notified of cups errors encountered by the child.
https://bugzilla.samba.org/show_bug.cgi?id=7994
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit e5a0ac40d7467bb6ce07d942fdadb43f1ec81bfc)
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 9a107d2d65d3080aebe441b8b93cf17abeb092f7)
cups_async_callback() is called to receive new printcap data from a
child process which requests the information from cupsd.
Newly received printcap information is stored in a temporary printcap
cache (tmp_pcap_cache). Once the child process closes the printcap IPC
file descriptor, the system printcap cache is replaced with the newly
populated tmp_pcap_cache, however this only occurs if tmp_pcap_cache is
non null (has at least one printer).
If the printcap cache is empty, which is the case when cups is not
exporting any printers, the printcap cache is not replaced resulting in
stale data.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 52bac5ffeea8ecbd2a5ecca023b3e2014c1350da)
pcap_cache_loaded() assertions were added to the (re)load_printers()
functions, to ensure the caller had called pcap_cache_reload() prior to
reloading printer shares.
The problem is, pcap_cache_loaded() returns false if the pcap_cache
contains no printer entries. i.e. pcap_cache_reload() has run but not
detected any printers.
Remove these assertions, correct call ordering is already enforced.
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #7836 (A newly added printer isn't visible to
clients).
(cherry picked from commit da9b2d9d58193ed3da36c2f8ff1e41a1e743ba07)
This reverts commit ad450870eacb114b3f15941a4478ba25701e035a.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit ee094b53d7fd9c46bca57b9815993282c63af00c)
This reverts commit 36ea03bbe28122ce03de4969e254dd276cfe5a79.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 3e1969d229dff2921b43189969dfbe522b167cc2)
Karolin
Thanks to Simo for reporting!
Karolin
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Signed-off-by: Kai Blin <kai@samba.org>
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
Karolin
(cherry picked from commit 2c72a084ec5eb8d368e34962b39278eb3b2176c6)
Make sure we use a timeout of 60 seconds, not 60 milliseconds...
This prevented us from successfully using the ncacn_ip_tcp client in a lot of
places, I guess.
Guenther
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Apr 13 18:59:19 CEST 2011 on sn-devel-104
(cherry picked from commit 4b3fe5247a6e16b1ad9f05269e9aa00e3120e36a)
Fix bug #8085 - incorrect timeout handling in ncacn_ip_tcp client code.
(cherry picked from commit d7d39c723e1855a3d18813e8a79fcca9770b0142)
(cherry picked from commit f7a175f47ee65c58363615541577db65d8b9fa76)
Karolin
Karolin
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
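
An added example (not Samba's code, and not the fix from this commit) of the kind of range check the CVE-2011-0719 text describes as missing: a descriptor is handed to FD_SET only if it lies in [0, FD_SETSIZE). The helper names and the sample descriptor list are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* FD_SET() indexes a fixed bitmap of FD_SETSIZE bits and does not check fd;
 * a descriptor outside [0, FD_SETSIZE) makes it write outside the fd_set. */
static bool fd_in_select_range(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Hypothetical wrapper: add fd only if it fits, and track the highest fd
 * for the first argument of select(). */
static bool checked_fd_set(int fd, fd_set *set, int *maxfd)
{
    if (!fd_in_select_range(fd)) {
        return false;            /* caller must close or skip this fd */
    }
    FD_SET(fd, set);
    if (fd > *maxfd) *maxfd = fd;
    return true;
}

/* Build a read set from fds[]; returns how many descriptors were rejected. */
static size_t build_read_set(const int *fds, size_t n, fd_set *set, int *maxfd)
{
    size_t rejected = 0;
    FD_ZERO(set);
    *maxfd = -1;
    for (size_t i = 0; i < n; i++) {
        if (!checked_fd_set(fds[i], set, maxfd)) rejected++;
    }
    return rejected;
}

/* Constructed sample: three usable descriptors, three that FD_SET cannot hold. */
static const int sample_fds[] = { 0, 5, FD_SETSIZE - 1, FD_SETSIZE, FD_SETSIZE + 40, -1 };
#define SAMPLE_N (sizeof(sample_fds) / sizeof(sample_fds[0]))

static size_t demo_rejected(void) { fd_set s; int m; return build_read_set(sample_fds, SAMPLE_N, &s, &m); }
static int demo_maxfd(void) { fd_set s; int m; build_read_set(sample_fds, SAMPLE_N, &s, &m); return m; }

int main(void)
{
    printf("rejected=%zu maxfd=%d\n", demo_rejected(), demo_maxfd());
    return 0;
}
```

A descriptor at or above FD_SETSIZE cannot be represented in an fd_set at all, so code that has to wait on such descriptors needs poll() rather than select().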
When the TCP RST came before the 5 msecs timeout kicked in, we
viewed this as final, as state->req_139 was not set yet.
Fix bug introduced by a fix for bug #7881 (winbind flaky against w2k8).
(cherry picked from commit f2a19b87725f9318e983dff6358a3eee721bff08)
(cherry picked from commit 569be63e727e69e7e52ec39f40e60903c6826614)
Karolin
(cherry picked from commit fa8af888f7c701ec95febdb90c57aee1e418ad2e)
checking all architectures.
Continues now with next architecture if no driver is available.
Because of the broken behavior of the rpccli_*() functions,
we need special error code handling.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit f5af66e67d7c6d62315671c0cf57f47973316226)
(cherry picked from commit dc63f45b523deb5c3d0c4be4239507e5fc4f6a40)
(cherry picked from commit fbcecec057bc05d6fcbdab3ef90d32c56335e833)
(cherry picked from commit 280caa6b3bb1199939f9349ea5a436a491c81791)
The last 2 patches address bug #7356 (net ads dns register fails in 2008 R2
domain).
(cherry picked from commit 6857b749229cc72c604ab5646a4bae5f09b72e11)
(cherry picked from commit 7cca44fa97762ccde7166a80bec91a7849f029c1)
Andrew Bartlett
(cherry picked from commit 0f1cc889a26477e9a98629f120fe5890b2e106fa)
(cherry picked from commit 2b463484cc7bb80cdfb6727ab9e5a873faff5ec8)
(cherry picked from commit 1d2f3742fcb47e4a13e21b8e3b7e22a9ddeba49c)
Karolin
(cherry picked from commit f4762c74c0be61cd3c733d82767878fbb25835ac)
nmbd --port didn't work
(cherry picked from commit 79280c99f67c3a3bfb1873b373ec181fa402f18c)
(cherry picked from commit 2b1a5fad6c681d8ff8e592ee92d8251040c0760d)
account name (bug #7896)
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 30 18:09:13 CET 2010 on sn-devel-104
(cherry picked from commit f1d15ea54c313e71fc032b2ed191bdecad868858)
(cherry picked from commit c6a0971b3790253a906b370562237479d273bb94)
(cherry picked from commit b46ec13a9a548cf1bc4ada47751f9e6945306bc7)
We might eventually want to change this, but right now we get unix times
out of the winbind pipe struct
(cherry picked from commit 993923880e213136de89b5b8d59f6f32a51b94b7)
(cherry picked from commit 15075858886ee208f800f9bfdcfaf6a56d8653de)
-fPIC made shared library builds fail there
Fixes #7821
(cherry picked from commit dbcf73c45782c310cb7ff1f2177d410399e2f06d)
(cherry picked from commit 83eb2e9aef40e5e838d2654298e281ad3ec98af3)
(cherry picked from commit d28ba1d46c226c8c611816393cdf8eba393300f5)
(cherry picked from commit 023aa6f4aae29ba22b3d42c815027ba6a66f8ee2)
The last 8 patches address bug #7881 (winbind flaky against w2k8).
(cherry picked from commit 1a929d8f4c6bae302e5cc53d81117a05eae5fede)
(cherry picked from commit ee2534c18b5afa609ff17d9da7ea10bcf7654fc6)
(cherry picked from commit 198b6d673787ee40c0ac389ece99cee1844dd585)