Gentoo's Bugzilla – Attachment 172416 Details for Bug 247620: net-fs/samba <3.0.33 Potential leak of arbitrary memory contents (CVE-2008-4314)
3.0.32-CVE-2008-4314.patch (text/plain), 1.80 KB, created by Robert Buchholz (RETIRED) on 2008-11-19 20:48:20 UTC
>From e334563f48f85b1580638d3dd444c2f9c97f05af Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Sat, 8 Nov 2008 17:14:06 +0100 >Subject: [PATCH] Fix the offset checks in the trans routines > >This fixes a potential crash bug, a client can make us read memory we >should not read. Luckily I got the disp checks right... > >Volker >--- > source/smbd/ipc.c | 6 +++--- > source/smbd/nttrans.c | 6 +++--- > source/smbd/trans2.c | 6 +++--- > 3 files changed, 9 insertions(+), 9 deletions(-) > >diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c >index 6961a5c..a53bc5b 100644 >--- a/source/smbd/ipc.c >+++ b/source/smbd/ipc.c >@@ -764,10 +764,10 @@ void reply_transs(struct smb_request *req) > goto bad_param; > } > >- if (ddisp > av_size || >+ if (doff > av_size || > dcnt > av_size || >- ddisp+dcnt > av_size || >- ddisp+dcnt < ddisp) { >+ doff+dcnt > av_size || >+ doff+dcnt < doff) { > goto bad_param; > } > >diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c >index 13caf77..ef81404 100644 >--- a/source/smbd/nttrans.c >+++ b/source/smbd/nttrans.c >@@ -2853,10 +2853,10 @@ void reply_nttranss(struct smb_request *req) > goto bad_param; > } > >- if (ddisp > av_size || >+ if (doff > av_size || > dcnt > av_size || >- ddisp+dcnt > av_size || >- ddisp+dcnt < ddisp) { >+ doff+dcnt > av_size || >+ doff+dcnt < doff) { > goto bad_param; > } > >diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c >index acc424f..c7edec1 100644 >--- a/source/smbd/trans2.c >+++ b/source/smbd/trans2.c >@@ -7785,10 +7785,10 @@ void reply_transs2(struct smb_request *req) > goto bad_param; > } > >- if (ddisp > av_size || >+ if (doff > av_size || > dcnt > av_size || >- ddisp+dcnt > av_size || >- ddisp+dcnt < ddisp) { >+ doff+dcnt > av_size || >+ doff+dcnt < doff) { > goto bad_param; > } > >-- >1.5.5 >
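Review bot: In the source/smbd/ipc.c hunk (reply_transs), the rewritten condition no longer mentions ddisp at all, and nothing in the visible lines records why doff rather than ddisp is the value to compare against av_size. The commit message says the disp checks are right elsewhere, but that reasoning lives only in the message. Suggest a short comment above `if (doff > av_size ||` stating that doff and dcnt bound the read from the received packet and that ddisp is validated separately, so the check is not later changed back.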
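Review bot: In the source/smbd/nttrans.c hunk (reply_nttranss), the wraparound test `doff+dcnt < doff` is only meaningful if doff and dcnt are unsigned, and their declarations are outside the hunk, so this cannot be confirmed from the patch. Suggest either confirming the types in the commit message or replacing the last two lines of the condition with `dcnt > av_size - doff`, which is safe once `doff > av_size` has been rejected and needs no separate overflow case.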
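Review bot: The source/smbd/trans2.c hunk (reply_transs2) is the third copy of the same four-line condition, identical to the ones in ipc.c and nttrans.c, and the same variable mix-up had to be corrected in all three places. Suggest moving the offset/count range test into one shared helper that takes the offset, the count and av_size, so the three trans routines cannot drift apart and a future fix is made once.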