sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-07-14 07:49:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
ports/net/samba47/files/0001-bug-228462.patch
Timur I. Bakeyev 3284397fb5 Update Samba ports to address multiple CVE vulnerabilities 
Security:	CVE-2018-1139
		CVE-2018-1140
		CVE-2018-10858
		CVE-2018-10918
		CVE-2018-10919
Sponsored by:	iXsystems Inc.
2018-08-14 15:09:36 +00:00

182 lines
5.5 KiB
Diff
Raw Blame History

From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Fri, 1 Jun 2018 01:35:08 +0800
Subject: [PATCH 1/2] vfs_fruit: allow broken AFP_Signature where the first
byte is 0
FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0
instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be
parsed by afpinfo_unpack().
FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/modules/vfs_fruit.c | 32 ++++++++++++++++++++++++--------
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index df3cd0c899e..d84e6991036 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -485,8 +485,9 @@ static int adouble_path(TALLOC_CTX *ctx,
struct smb_filename **ppsmb_fname_out);
static AfpInfo *afpinfo_new(TALLOC_CTX *ctx);
static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf);
-static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data);
-
+static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx,
+ const void *data,
+ const struct smb_filename *smb_fname);
/**
* Return a pointer to an AppleDouble entry
@@ -2073,13 +2074,17 @@ static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
return AFP_INFO_SIZE;
}
+#define BROKEN_FREEBSD_AFP_Signature 0x00465000
+
/**
* Unpack a buffer into a AfpInfo structure
*
* Buffer size must be at least AFP_INFO_SIZE
* Returns allocated AfpInfo struct
**/
-static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data)
+static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx,
+ const void *data,
+ const struct smb_filename *smb_fname)
{
AfpInfo *ai = talloc_zero(ctx, AfpInfo);
if (ai == NULL) {
@@ -2092,10 +2097,21 @@ static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data)
memcpy(ai->afpi_FinderInfo, (const char *)data + 16,
sizeof(ai->afpi_FinderInfo));
- if (ai->afpi_Signature != AFP_Signature
- || ai->afpi_Version != AFP_Version) {
- DEBUG(1, ("Bad AfpInfo signature or version\n"));
+ if (ai->afpi_Signature != AFP_Signature) {
+ DBG_WARNING("Bad signature [%x] on [%s]\n",
+ ai->afpi_Signature, smb_fname_str_dbg(smb_fname));
+
+ if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) {
+ DBG_ERR("Bad AfpInfo signature\n");
+ TALLOC_FREE(ai);
+ return NULL;
+ }
+ }
+
+ if (ai->afpi_Version != AFP_Version) {
+ DBG_ERR("Bad AfpInfo version\n");
TALLOC_FREE(ai);
+ return NULL;
}
return ai;
@@ -4222,7 +4238,7 @@ static ssize_t fruit_pwrite_meta_stream(vfs_handle_struct *handle,
size_t nwritten;
bool ok;
- ai = afpinfo_unpack(talloc_tos(), data);
+ ai = afpinfo_unpack(talloc_tos(), data, fsp->fsp_name);
if (ai == NULL) {
return -1;
}
@@ -4260,7 +4276,7 @@ static ssize_t fruit_pwrite_meta_netatalk(vfs_handle_struct *handle,
int ret;
bool ok;
- ai = afpinfo_unpack(talloc_tos(), data);
+ ai = afpinfo_unpack(talloc_tos(), data, fsp->fsp_name);
if (ai == NULL) {
return -1;
}
--
2.16.3
From 83ce03a278ec9d15b595f4daf8da1641d27ebdd6 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Fri, 1 Jun 2018 01:35:58 +0800
Subject: [PATCH 2/2] vfs_streams_xattr: don't append 0 byte when creating
xattr
Upstream Samba always appends an internal 0-byte to xattrs to cope
with filesytems or systems that don't support 0-byte sized xattrs.
An older patch already remove this behaviour from the read and write
code paths, but didn't remove it from the create codepath.
FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/modules/vfs_streams_xattr.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index 8714007cb8d..5f3dfb30beb 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -476,19 +476,13 @@ static int streams_xattr_open(vfs_handle_struct *handle,
/*
* The attribute does not exist or needs to be truncated
*/
-
- /*
- * Darn, xattrs need at least 1 byte
- */
- char null = '\0';
-
DEBUG(10, ("creating or truncating attribute %s on file %s\n",
xattr_name, smb_fname->base_name));
ret = SMB_VFS_SETXATTR(fsp->conn,
smb_fname,
xattr_name,
- &null, sizeof(null),
+ NULL, 0,
flags & O_EXCL ? XATTR_CREATE : 0);
if (ret != 0) {
goto fail;
--
2.16.3
From daa9930fc10459f0567931622e2ffbb636e365f0 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Sat, 19 May 2018 01:35:45 +0200
Subject: [PATCH] vfs_fruit: fixup broken AFP_Signatures
FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
Signed-off-by: Ralph Boehme <slow@samba.org>
---
source3/modules/vfs_fruit.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index d92049cc899..0594fd7a538 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -3935,10 +3935,16 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle,
{
ssize_t nread;
int ret;
+ char *p = (char *)data;
nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
if (nread == n) {
+ if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') {
+ DBG_NOTICE("Fixing AFP_Info of [%s]\n",
+ fsp_str_dbg(fsp));
+ p[0] = 'A';
+ }
return nread;
}
--
2.17.0
Reference in a new issue View git blame Copy permalink