On 2012/01/31 23:34, Nigel Taylor wrote:
> On 01/31/12 07:24, Ian McWilliam wrote:
> > For those in need of a samba fix.
> > 
> > http://www.samba.org/samba/security/CVE-2012-0817
> > 
> > The Samba smbd daemon that listens for incoming connections leaks
> > a small amount of memory on every connection attempt. Although this
> > is a small leak, it happens on every connection even without successful
> > authentication. Thus an attacker can simply loop making connection
> > requests and cause the listening daemon to ever increase in size.
> > 
> > Eventually the server process will grow enough to either cause memory
> > allocations in other processes to fail, or be killed by the system
> > as part of its out of memory protection. Either way, denial of service
> > would be achieved.
> > 
> > http://www.samba.org/samba/history/samba-3.6.3.html
> > 
> > CVE-2012-0817:
> >    The Samba File Serving daemon (smbd) in Samba versions
> >    3.6.0 to 3.6.2 is affected by a memory leak that can
> >    cause a server denial of service.
> > 
> > Ian McWilliam
> > 
> > 
> > 
> > 
> > 
> Hi,
> 
> Built on i386 and amd64. Tests work for the limited setup I have here.
> 
> Nigel
> 

For reference here's the diff against -current for this.


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.154
diff -u -p -r1.154 Makefile
--- Makefile    31 Jan 2012 09:12:58 -0000      1.154
+++ Makefile    31 Jan 2012 23:52:41 -0000
@@ -5,8 +5,7 @@ SHARED_ONLY=            Yes
 COMMENT-main=          SMB and CIFS client and server for UNIX
 COMMENT-docs=          additional documentation and examples for Samba
 
-DISTNAME=              samba-3.6.1
-REVISION-main=         1
+DISTNAME=              samba-3.6.3
 PKGNAME-main=          ${DISTNAME}
 FULLPKGNAME-docs=      ${DISTNAME:S/-/-docs-/}
 FULLPKGPATH-docs=      net/samba,-docs
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/samba/distinfo,v
retrieving revision 1.28
diff -u -p -r1.28 distinfo
--- distinfo    21 Oct 2011 20:10:51 -0000      1.28
+++ distinfo    31 Jan 2012 23:52:41 -0000
@@ -1,5 +1,5 @@
-MD5 (samba-3.6.1.tar.gz) = UpFxe+BzTgfcB7YRDhYuhw==
-RMD160 (samba-3.6.1.tar.gz) = btROZrIs7wAWiDH6ftE1cf1eRe0=
-SHA1 (samba-3.6.1.tar.gz) = /tgv2SlY8yCe2zxxMh1LSKvunEs=
-SHA256 (samba-3.6.1.tar.gz) = xbDyqwL+LGQbHOUqFBwo8bP7wJOtqKYu7KcMJeFb1WQ=
-SIZE (samba-3.6.1.tar.gz) = 28984820
+MD5 (samba-3.6.3.tar.gz) = mKydufS26/w/ATqhk/+w0Q==
+RMD160 (samba-3.6.3.tar.gz) = /QT9WJfw808lfFBN6RHhqzT/PiU=
+SHA1 (samba-3.6.3.tar.gz) = QwoeE/4gwX4oCANchj6153aFyJs=
+SHA256 (samba-3.6.3.tar.gz) = Z+JAny1eTVy5R8lfWDSYEFA4hXuEzHPAjazU4svGYHQ=
+SIZE (samba-3.6.3.tar.gz) = 28993737
Index: patches/patch-Makefile_in
===================================================================
RCS file: /cvs/ports/net/samba/patches/patch-Makefile_in,v
retrieving revision 1.17
diff -u -p -r1.17 patch-Makefile_in
--- patches/patch-Makefile_in   26 Sep 2011 09:32:12 -0000      1.17
+++ patches/patch-Makefile_in   31 Jan 2012 23:52:41 -0000
@@ -1,11 +1,11 @@
 $OpenBSD: patch-Makefile_in,v 1.17 2011/09/26 09:32:12 sthen Exp $
---- Makefile.in.orig   Tue Aug  9 13:17:47 2011
-+++ Makefile.in        Mon Sep 12 17:40:48 2011
+--- Makefile.in.orig   Thu Jan 26 05:26:48 2012
++++ Makefile.in        Thu Jan 26 08:46:44 2012
 @@ -28,7 +28,7 @@ SHLD=@SHLD@
  LIB_PATH_VAR=@LIB_PATH_VAR@
  
  ## Dynamic shared libraries build settings
--DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 
's/@SHLIBEXT@\(.[0-9]\{1,\}\)\{0,1\}$$/@SYMSEXT@/'`
+-DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 
's:\.@SHLIBEXT@[\.0-9]*$$:.@SYMSEXT@:'`
 +DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 
's/@SHLIBEXT@\(.[0-9]\{1,\}\)\{0,1\}\(.[0-9]\{1,\}\)\{0,1\}$$/@SYMSEXT@/'`
  DSO_EXPORTS=@DSO_EXPORTS@
  SHLD_DSO = $(SHLD) $(LDSHFLAGS) $(DSO_EXPORTS) -o $@
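Review bot: The port's own `DSO_EXPORTS_CMD` replacement is carried over unchanged in this hunk, although the upstream line it replaces is now `sed 's:\.@SHLIBEXT@[\.0-9]*$$:.@SYMSEXT@:'`, which appears to accept any number of dotted numeric suffixes already. If that covers the `major.minor` library names this local patch was presumably written for, the patch could be dropped with this update; otherwise a short line under the `$OpenBSD$` tag saying why it is still needed would help the next maintainer. The retained expression also has an unescaped `.` before `[0-9]`, so it matches any character there rather than a literal dot, and `\.` would be stricter. The sed lines are wrapped in the message as shown, so they would need rejoining before the diff applies.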
Index: patches/patch-lib_substitute_c
===================================================================
RCS file: patches/patch-lib_substitute_c
diff -N patches/patch-lib_substitute_c
--- patches/patch-lib_substitute_c      31 Jan 2012 09:12:59 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,36 +0,0 @@
-$OpenBSD: patch-lib_substitute_c,v 1.1 2012/01/31 09:12:59 sthen Exp $
-
-http://ftp.samba.org/pub/samba/patches/security/samba-3.6.2-CVE-2012-0817.patch
-
---- lib/substitute.c.orig      Tue Oct 18 19:48:48 2011
-+++ lib/substitute.c   Tue Jan 31 08:45:43 2012
-@@ -195,7 +195,7 @@ void sub_set_smb_name(const char *name)
- }
- 
- static char sub_peeraddr[INET6_ADDRSTRLEN];
--static const char *sub_peername = "";
-+static const char *sub_peername = NULL;
- static char sub_sockaddr[INET6_ADDRSTRLEN];
- 
- void sub_set_socket_ids(const char *peeraddr, const char *peername,
-@@ -208,6 +208,11 @@ void sub_set_socket_ids(const char *peeraddr, const ch
-       }
-       strlcpy(sub_peeraddr, addr, sizeof(sub_peeraddr));
- 
-+      if (sub_peername != NULL &&
-+                      sub_peername != sub_peeraddr) {
-+              free(discard_const_p(char,sub_peername));
-+              sub_peername = NULL;
-+      }
-       sub_peername = SMB_STRDUP(peername);
-       if (sub_peername == NULL) {
-               sub_peername = sub_peeraddr;
-@@ -646,7 +651,7 @@ static char *alloc_sub_basic(const char *smb_name, con
-                       break;
-               case 'M' :
-                       a_string = realloc_string_sub(a_string, "%M",
--                                                    sub_peername);
-+                                                    sub_peername ? 
sub_peername : "");
-                       break;
-               case 'R' :
-                       a_string = realloc_string_sub(a_string, "%R", 
remote_proto);
Index: patches/patch-smbd_server_c
===================================================================
RCS file: patches/patch-smbd_server_c
diff -N patches/patch-smbd_server_c
--- patches/patch-smbd_server_c 31 Jan 2012 09:12:59 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,19 +0,0 @@
-$OpenBSD: patch-smbd_server_c,v 1.1 2012/01/31 09:12:59 sthen Exp $
-
-http://ftp.samba.org/pub/samba/patches/security/samba-3.6.2-CVE-2012-0817.patch
-
---- smbd/server.c.orig Tue Oct 18 19:48:48 2011
-+++ smbd/server.c      Tue Jan 31 08:45:43 2012
-@@ -64,6 +64,12 @@ static void smbd_set_server_fd(int fd)
-        * name, default to its address.
-        */
- 
-+      if (sconn->client_id.name != NULL &&
-+          sconn->client_id.name != sconn->client_id.addr) {
-+              talloc_free(discard_const_p(char, sconn->client_id.name));
-+              sconn->client_id.name = NULL;
-+      }
-+
-       client_addr(fd, sconn->client_id.addr, sizeof(sconn->client_id.addr));
- 
-       name = client_name(sconn->sock);
