Tue Mar 13 13:22:24 2012 UTC ()

Add patch for CVE-2012-0870.

Bump PKGREVISION.


(taca)

diff -r1.19 -r1.20 pkgsrc/net/samba33/Makefile
diff -r1.8 -r1.9 pkgsrc/net/samba33/distinfo
diff -r0 -r1.1 pkgsrc/net/samba33/patches/patch-smbd_process.c

--- pkgsrc/net/samba33/Attic/Makefile 2012/02/06 12:41:17 1.19
+++ pkgsrc/net/samba33/Attic/Makefile 2012/03/13 13:22:24 1.20

 @@ -1,19 +1,19 @@
-# $NetBSD: Makefile,v 1.19 2012/02/06 12:41:17 wiz Exp $
+# $NetBSD: Makefile,v 1.20 2012/03/13 13:22:24 taca Exp $
 .include "../../net/samba/Makefile.mirrors"
 DISTNAME=		samba-${VERSION}
-PKGREVISION=		2
+PKGREVISION=		3
 CATEGORIES=		net
 MASTER_SITES=		${SAMBA_MIRRORS:=old-versions/}
 MAINTAINER=		pkgsrc-users@NetBSD.org
 HOMEPAGE=		http://www.samba.org/
 COMMENT=		SMB/CIFS protocol server suite
 LICENSE=		gnu-gpl-v3
 VERSION=		3.3.16
 CONFLICTS+=		ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]*	\
 			winbind-[0-9]*
 MAKE_JOBS_SAFE=		NO

--- pkgsrc/net/samba33/Attic/distinfo 2011/08/02 14:06:20 1.8
+++ pkgsrc/net/samba33/Attic/distinfo 2012/03/13 13:22:24 1.9

 @@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.8 2011/08/02 14:06:20 taca Exp $
+$NetBSD: distinfo,v 1.9 2012/03/13 13:22:24 taca Exp $
 SHA1 (samba-3.3.16.tar.gz) = bfb06f2cd88ba6c2fb9d25cabf3b22bf1a402f08
 RMD160 (samba-3.3.16.tar.gz) = 30e181de0e5399503cad3e09f3dd172a0fc6a011
 Size (samba-3.3.16.tar.gz) = 25566685 bytes
 SHA1 (patch-aa) = 35b1e645bd3d023cd8b6ecde383dac290509ca07
 SHA1 (patch-ab) = 0372ff2e3caca866dacd6ed25ae1d02e34a5b567
 SHA1 (patch-ac) = dfddc9fa7f76126e523c7859ac66ce9dd432d732
 SHA1 (patch-ad) = 447aaf4ea4cc98f0ccd5a3a22e1ffec0e69a3971
 SHA1 (patch-ae) = 6698c698dc64c0f3df159157d182eae6aaa70958
 SHA1 (patch-af) = 2c668c3bcc2fd90be65ef226acd1fec03dff9a91
 SHA1 (patch-ag) = ef8421c3d17deeb0a4621ed50a57b51c755fdd1f
 SHA1 (patch-ah) = d8603bf8ed0e93070dd9d86cb229d8494fde937b
 SHA1 (patch-ai) = 07619c24084bfa380302a5c215ba5283d7be94a8
 @@ -18,13 +18,14 @@ SHA1 (patch-al) = f347808c376922da057256
 SHA1 (patch-am) = 13744f8a5cce3016c37002079eba3c47077e8d6d
 SHA1 (patch-an) = 372cf214a92fa8c2398e1877af36b325d934c514
 SHA1 (patch-ao) = 2b926a77906741c3ec0a74e272acea54b5544d74
 SHA1 (patch-ap) = 91880af078b83bd4dba2de08a3f5f289fbedba77
 SHA1 (patch-aq) = 2413ff4756447d21b4144ba02e5e0bdbce8f631a
 SHA1 (patch-ar) = 5213b0a3d95d106939c2e268a8538c5e2901079a
 SHA1 (patch-as) = a9fcb1813d55d598bf1226cf004de85701c93e61
 SHA1 (patch-at) = dcfbe79496065559380e5713a758816e538e728b
 SHA1 (patch-au) = f94b27a5792acfa3742b4c07b23b3395b73eba84
 SHA1 (patch-av) = e3ebea3cf0a44fc43c8878c1563972ca2c2b60a9
 SHA1 (patch-aw) = 8dafe1df0661ce8f662716804cf39516c2499add
 SHA1 (patch-ax) = 86ba06f64069a837b6422f5ea1d7b16bed7915b0
 SHA1 (patch-lib_replace_test_os2__delete.c) = d4e14bdfb62b51465902f7090b1b2a6a44dc0060
 SHA1 (patch-smbd_process.c) = f12a4224a6a337ceaeac51843eb32c46a71aa7ca

$NetBSD: patch-smbd_process.c,v 1.1 2012/03/13 13:22:24 taca Exp $

* Fix for CVE-2012-0870.

--- smbd/process.c.orig	2011-07-24 19:09:38.000000000 +0000
+++ smbd/process.c
@@ -1656,7 +1656,7 @@ void chain_reply(struct smb_request *req
 	int size = smb_len(req->inbuf)+4;
 
 	int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
-	unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
+	static unsigned smb_off2;
 	char *inbuf2;
 	int outsize2;
 	int new_size;
@@ -1681,8 +1681,16 @@ void chain_reply(struct smb_request *req
 		/* this is the first part of the chain */
 		orig_inbuf = inbuf;
 		orig_size = size;
+		smb_off2 = 0;
 	}
 
+	if (SVAL(inbuf,smb_vwv1) <= smb_off2) {
+		DEBUG(1, ("AndX offset not increasing\n"));
+		SCVAL(outbuf, smb_vwv0, 0xFF);
+		return;
+	}
+	smb_off2 = SVAL(inbuf, smb_vwv1);
+
 	/* Validate smb_off2 */
 	if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
 		exit_server_cleanly("Bad chained packet");