The branch, v4-0-test has been updated via 97a3274 bug #10609: CVE-2014-0239 Don't reply to replies via d4b0b74 pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR via d6043d6 script/autobuild: make use of --with-perl-{arch,lib}-install-dir via 0e430f8 wafsamba: Fail with error message if perl doesn't provide valid dirs. via 86830d9 wafsamba: If perl can't provide defaults, define them. from 39ae6a7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit 97a32749b4c567890a92de97aaf8b85d5ec0134b Author: Kai Blin <k...@samba.org> Date: Tue May 13 08:13:29 2014 +0200 bug #10609: CVE-2014-0239 Don't reply to replies Due to insufficient input checking, the DNS server will reply to a packet that has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed sender address and have two servers DOS each other with circular replies. This patch fixes bug #10609 and adds a test to make sure we don't regress. CVE-2014-2039 has been assigned to this issue. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609 Signed-off-by: Kai Blin <k...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Kai Blin <k...@samba.org> Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104 (cherry picked from commit 392ec4d241eb19c812cd49ff73bd32b2b09d8533) Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-0-test): Mon May 26 14:54:32 CEST 2014 on sn-devel-104 commit d4b0b741427e6d5ec9626f26eff4068399d8f771 Author: Stefan Metzmacher <me...@samba.org> Date: Fri May 9 11:49:10 2014 +0200 pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Sat May 10 01:37:33 CEST 2014 on sn-devel-104 (cherry picked from commit cf75ef9f73f2cdbf2a039bbc9468f5da6a14834e) commit d6043d62521391cf9c1d5b0f7f11618c6c3b46fb Author: Stefan Metzmacher <me...@samba.org> Date: Fri May 9 11:48:26 2014 +0200 script/autobuild: make use of --with-perl-{arch,lib}-install-dir Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit d18ee9e4b6f4c9a24b555c111e08396012c1755a) commit 0e430f836f34a2dd7976bc46c37fbfe4d320395d Author: Stefan Metzmacher <me...@samba.org> Date: Fri May 9 09:42:23 2014 +0200 wafsamba: Fail with error message if perl doesn't provide valid dirs. We try harder to get valid directories, we now fallback like this: vendorarch => sitearch => archlib and vendorlib => sitelib => privlib The new options are --with-perl-arch-install-dir and --with-perl-lib-install-dir. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit 2637890ef42a238093f0f3cbdda0d621d5f9b2e2) commit 86830d9c31a3bc0856fe12859bb13be56077db2b Author: Andreas Schneider <a...@samba.org> Date: Tue Apr 15 10:24:24 2014 +0200 wafsamba: If perl can't provide defaults, define them. This should fix the installation on FreeBSD. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Thu May 8 13:55:50 CEST 2014 on sn-devel-104 (cherry picked from commit 0ba276ebad57d75a769e22414f94acbe8c177d97) ----------------------------------------------------------------------- Summary of changes: buildtools/wafadmin/Tools/perl.py | 52 +++++++++++++++++++++++++++--------- pidl/lib/wscript_build | 4 +- python/samba/tests/dns.py | 29 ++++++++++++++++++++ script/autobuild.py | 4 ++- source4/dns_server/dns_server.c | 6 ++++ 5 files changed, 79 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafadmin/Tools/perl.py b/buildtools/wafadmin/Tools/perl.py index 8f13e28..0f34e79 100644 --- a/buildtools/wafadmin/Tools/perl.py +++ b/buildtools/wafadmin/Tools/perl.py @@ -98,27 +98,53 @@ def check_perl_ext_devel(conf): conf.env.EXTUTILS_TYPEMAP = read_out('print "$Config{privlib}/ExtUtils/typemap"') conf.env.perlext_PATTERN = '%s.' + read_out('print $Config{dlext}')[0] - if getattr(Options.options, 'perl_vendorarch_dir', None): - conf.env.PERL_VENDORARCH_DIR = Options.options.perl_vendorarch_dir - else: - conf.env.PERL_VENDORARCH_DIR = read_out('print $Config{vendorarch}')[0] - - if getattr(Options.options, 'perl_vendorlib_dir', None): - conf.env.PERL_VENDORLIB_DIR = Options.options.perl_vendorlib_dir - else: - conf.env.PERL_VENDORLIB_DIR = read_out('print $Config{vendorlib}')[0] + def try_any(keys): + for k in keys: + conf.start_msg("Checking for perl $Config{%s}:" % k) + try: + v = read_out('print $Config{%s}' % k)[0] + conf.end_msg("'%s'" % (v), 'GREEN') + return v + except IndexError: + conf.end_msg(False, 'YELLOW') + pass + return None + + perl_arch_install_dir = None + if getattr(Options.options, 'perl_arch_install_dir', None): + perl_arch_install_dir = Options.options.perl_arch_install_dir + if perl_arch_install_dir is None: + perl_arch_install_dir = try_any(['vendorarch', 'sitearch', 'archlib']) + if perl_arch_install_dir is None: + conf.fatal('No perl arch install directory autodetected.' + + 'Please define it with --with-perl-arch-install-dir.') + conf.start_msg("PERL_ARCH_INSTALL_DIR: ") + conf.end_msg("'%s'" % (perl_arch_install_dir), 'GREEN') + conf.env.PERL_ARCH_INSTALL_DIR = perl_arch_install_dir + + perl_lib_install_dir = None + if getattr(Options.options, 'perl_lib_install_dir', None): + perl_lib_install_dir = Options.options.perl_lib_install_dir + if perl_lib_install_dir is None: + perl_lib_install_dir = try_any(['vendorlib', 'sitelib', 'privlib']) + if perl_lib_install_dir is None: + conf.fatal('No perl lib install directory autodetected. ' + + 'Please define it with --with-perl-lib-install-dir.') + conf.start_msg("PERL_LIB_INSTALL_DIR: ") + conf.end_msg("'%s'" % (perl_lib_install_dir), 'GREEN') + conf.env.PERL_LIB_INSTALL_DIR = perl_lib_install_dir def set_options(opt): opt.add_option("--with-perl-binary", type="string", dest="perlbinary", help = 'Specify alternate perl binary', default=None) - opt.add_option("--with-perl-vendorarch", + opt.add_option("--with-perl-arch-install-dir", type="string", - dest="perl_vendorarch_dir", + dest="perl_arch_install_dir", help = ('Specify directory where to install arch specific files'), default=None) - opt.add_option("--with-perl-vendorlib", + opt.add_option("--with-perl-lib-install-dir", type="string", - dest="perl_vendorlib_dir", + dest="perl_lib_install_dir", help = ('Specify directory where to install vendor specific files'), default=None) diff --git a/pidl/lib/wscript_build b/pidl/lib/wscript_build index 5023e07..54b3170 100644 --- a/pidl/lib/wscript_build +++ b/pidl/lib/wscript_build @@ -1,7 +1,7 @@ #!/usr/bin/env python # install the pidl modules -bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR, +bld.INSTALL_FILES(bld.env.PERL_LIB_INSTALL_DIR, ''' Parse/Pidl.pm Parse/Pidl/Samba4.pm @@ -32,6 +32,6 @@ bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR, flat=False) if not bld.CONFIG_SET('USING_SYSTEM_PARSE_YAPP_DRIVER'): - bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR, + bld.INSTALL_FILES(bld.env.PERL_LIB_INSTALL_DIR, 'Parse/Yapp/Driver.pm', flat=False) diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index f2c5685..79e4158 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -833,6 +833,35 @@ class TestInvalidQueries(DNSTest): self.assertEquals(response.answers[0].rdata, os.getenv('SERVER_IP')) + def test_one_a_reply(self): + "send a reply instead of a query" + + p = self.make_name_packet(dns.DNS_OPCODE_QUERY) + questions = [] + + name = "%s.%s" % ('fakefakefake', self.get_dns_domain()) + q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN) + print "asking for ", q.name + questions.append(q) + + self.finish_name_packet(p, questions) + p.operation |= dns.DNS_FLAG_REPLY + s = None + try: + send_packet = ndr.ndr_pack(p) + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) + host=os.getenv('SERVER_IP') + s.connect((host, 53)) + tcp_packet = struct.pack('!H', len(send_packet)) + tcp_packet += send_packet + s.send(tcp_packet, 0) + recv_packet = s.recv(0xffff + 2, 0) + self.assertEquals(0, len(recv_packet)) + finally: + if s is not None: + s.close() + + if __name__ == "__main__": import unittest unittest.main() diff --git a/script/autobuild.py b/script/autobuild.py index cb822ff..76e777c 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -232,7 +232,9 @@ class builder(object): self.cmd = self.cmd.replace("${PYTHON_PREFIX}", get_python_lib(standard_lib=1, prefix=self.prefix)) self.cmd = self.cmd.replace("${PREFIX}", "--prefix=%s" % self.prefix) self.cmd = self.cmd.replace("${PREFIX_DIR}", "%s" % self.prefix) - self.cmd = self.cmd.replace("${PERL_VENDOR_LIB}", "--with-perl-vendorlib=%s/share/perl5" % self.prefix) + perl_vendor_lib = "--with-perl-arch-install-dir=%s/share/perl5 " % self.prefix + perl_vendor_lib += "--with-perl-lib-install-dir=%s/lib/perl5" % self.prefix + self.cmd = self.cmd.replace("${PERL_VENDOR_LIB}", perl_vendor_lib) # if self.output_mime_type == "text/x-subunit": # self.cmd += " | %s --immediate" % (os.path.join(os.path.dirname(__file__), "selftest/format-subunit")) print '%s: [%s] Running %s' % (self.name, self.stage, self.cmd) diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c index 95a2db4..cd18c31 100644 --- a/source4/dns_server/dns_server.c +++ b/source4/dns_server/dns_server.c @@ -153,6 +153,12 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + if (state->in_packet.operation & DNS_FLAG_REPLY) { + DEBUG(1, ("Won't reply to replies.\n")); + tevent_req_werror(req, WERR_INVALID_PARAM); + return tevent_req_post(req, ev); + } + state->state.flags = state->in_packet.operation; state->state.flags |= DNS_FLAG_REPLY; -- Samba Shared Repository