The branch, v3-2-test has been updated
       via  e40c372e0ddf631dd9162c1fdfaaa49c29915f23 (commit)
      from  242fc0099cc81877d8e9630b46dfb8d4a3265d94 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit e40c372e0ddf631dd9162c1fdfaaa49c29915f23
Author: Gerald (Jerry) Carter <[EMAIL PROTECTED]>
Date:   Wed Nov 14 20:51:14 2007 -0600

    Fix for CVE-2007-5398.
    
    == Subject:     Remote code execution in Samba's WINS
    ==              server daemon (nmbd) when processing name
    ==              registration followed by name query requests.
    ==
    == CVE ID#:     CVE-2007-5398
    ==
    == Versions:    Samba 3.0.0 - 3.0.26a (inclusive)
    ...
    Secunia Research reported a vulnerability that allows for
    the execution of arbitrary code in nmbd.  This defect may
    only be exploited when the "wins support" parameter has
    been enabled in smb.conf.

-----------------------------------------------------------------------

Summary of changes:
 source/nmbd/nmbd_packets.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c
index d49c8ba..b78ab5b 100644
--- a/source/nmbd/nmbd_packets.c
+++ b/source/nmbd/nmbd_packets.c
@@ -970,6 +970,12 @@ for id %hu\n", packet_type, 
nmb_namestr(&orig_nmb->question.question_name),
        nmb->answers->ttl      = ttl;
 
        if (data && len) {
+               if (len < 0 || len > sizeof(nmb->answers->rdata)) {
+                       DEBUG(5,("reply_netbios_packet: "
+                               "invalid packet len (%d)\n",
+                               len ));
+                       return;
+               }
                nmb->answers->rdlength = len;
                memcpy(nmb->answers->rdata, data, len);
        }
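
Review bot: the early `return` in the new length check leaves the function after the reply record has already been partly filled in (`nmb->answers->ttl = ttl;` is set just above), and no cleanup is visible on that path. Please confirm that whatever was allocated for the reply is released before returning, or move the check to the top of the function, before the reply is built. Two smaller points: the rejection is logged at `DEBUG(5, ...)`, which will not show at commonly configured log levels, so a lower level would make a dropped oversized reply visible to operators; and `len > sizeof(nmb->answers->rdata)` compares a signed value (it is printed with `%d`) against a `size_t`, so an explicit cast after the `len < 0` test would make the intent clear and avoid a sign-compare warning.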


-- 
Samba Shared Repository
