Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 235185 Details for
Bug 323785
<net-fs/samba-3.3.13: Samba Memory Corruption Vulnerability (CVE-2010-2063)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 3.3
CVE-2010-2063_samba-3.3.patch (text/plain), 1.06 KB, created by
Matthias Geerdsen (RETIRED)
on 2010-06-13 15:02:33 UTC
(
hide
)
Description:
patch for 3.3
Filename:
MIME Type:
Creator:
Matthias Geerdsen (RETIRED)
Created:
2010-06-13 15:02:33 UTC
Size:
1.06 KB
patch
obsolete
>diff --git a/source/smbd/process.c b/source/smbd/process.c >index 446b868..403c7c6 100644 >--- a/source/smbd/process.c >+++ b/source/smbd/process.c >@@ -1645,6 +1645,7 @@ void construct_reply_common(const char *inbuf, char *outbuf) > void chain_reply(struct smb_request *req) > { > static char *orig_inbuf; >+ static int orig_size; > > /* > * Dirty little const_discard: We mess with req->inbuf, which is >@@ -1679,13 +1680,24 @@ void chain_reply(struct smb_request *req) > if (chain_size == 0) { > /* this is the first part of the chain */ > orig_inbuf = inbuf; >+ orig_size = size; > } > >+ /* Validate smb_off2 */ >+ if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) { >+ exit_server_cleanly("Bad chained packet"); >+ return; >+ } > /* > * We need to save the output the caller added to the chain so that we > * can splice it into the final output buffer later. > */ > >+ if (outsize <= smb_wct) { >+ exit_server_cleanly("Bad chained packet"); >+ return; >+ } >+ > caller_outputlen = outsize - smb_wct; > > caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 323785
:
235183
| 235185