The branch, v3-6-stable has been updated via 71e7cdc s3-smbd: Fix bug #8724. via 3f117d2 WHATSNEW: Add release notes for 3.6.3. via e35523c VERSION: Bump version up to 3.6.3. from b0cd2e5 WHATSNEW: Add another change.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log ----------------------------------------------------------------- commit 71e7cdcce26c1ed7504760a94cf51e79b2ec570c Author: Ira Cooper <i...@wakeful.net> Date: Sun Jan 29 20:36:05 2012 +0100 s3-smbd: Fix bug #8724. Fix bug #8724 - Memory leak in parent smbd on connection. This is CVE-2012-0817. Patch have been created by Ira Cooper <i...@wakeful.net> and Jeremy Allison <j...@samba.org>. (cherry picked from commit 964620240c83024bea8bbce0bc282b0851513808) commit 3f117d2bcf33913e7cc3e4b0e01ac98f649fa078 Author: Karolin Seeger <ksee...@samba.org> Date: Sun Jan 29 20:33:38 2012 +0100 WHATSNEW: Add release notes for 3.6.3. Karolin (cherry picked from commit 677f5573570ad1cbd4c1e1d920f67a0d20edea25) commit e35523c33ab626a8dee8e037aa2027cdc5ad01a6 Author: Karolin Seeger <ksee...@samba.org> Date: Sun Jan 29 20:33:15 2012 +0100 VERSION: Bump version up to 3.6.3. Karolin (cherry picked from commit a3dd55e40cc905a4535d1786f2d53cda221fb3e2) ----------------------------------------------------------------------- Summary of changes: WHATSNEW.txt | 54 ++++++++++++++++++++++++++++++++++++++++++++- source3/VERSION | 2 +- source3/lib/substitute.c | 9 ++++++- source3/smbd/server.c | 6 +++++ 4 files changed, 66 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b3e5008..2868320 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,53 @@ ============================= + Release Notes for Samba 3.6.3 + January 29, 2012 + ============================= + + +This is a security release in order to address +CVE-2012-0817 (Memory leak/Denial of service). + +o CVE-2012-0817: + The Samba File Serving daemon (smbd) in Samba versions + 3.6.0 to 3.6.2 is affected by a memory leak that can + cause a server denial of service. + + +Changes since 3.6.2: +-------------------- + + +o Jeremy Allison <j...@samba.org> + * BUG 8724: Fix memory leak in parent smbd on connection. + + +o Ira Cooper <sa...@ira.wakeful.net> + * BUG 8724: Fix memory leak in parent smbd on connection. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + +Release notes for older releases follow: +---------------------------------------- + + ============================= Release Notes for Samba 3.6.2 January 25, 2012 ============================= @@ -174,8 +223,9 @@ database (https://bugzilla.samba.org/). == The Samba Team ====================================================================== -Release notes for older releases follow: ----------------------------------------- + +---------------------------------------------------------------------- + ============================= Release Notes for Samba 3.6.1 diff --git a/source3/VERSION b/source3/VERSION index e8a1992..9ba1b54 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 ######################################################## # Bug fix releases use a letter for the patch revision # diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index e72a8c3..68328e5 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -195,7 +195,7 @@ void sub_set_smb_name(const char *name) } static char sub_peeraddr[INET6_ADDRSTRLEN]; -static const char *sub_peername = ""; +static const char *sub_peername = NULL; static char sub_sockaddr[INET6_ADDRSTRLEN]; void sub_set_socket_ids(const char *peeraddr, const char *peername, @@ -208,6 +208,11 @@ void sub_set_socket_ids(const char *peeraddr, const char *peername, } strlcpy(sub_peeraddr, addr, sizeof(sub_peeraddr)); + if (sub_peername != NULL && + sub_peername != sub_peeraddr) { + free(discard_const_p(char,sub_peername)); + sub_peername = NULL; + } sub_peername = SMB_STRDUP(peername); if (sub_peername == NULL) { sub_peername = sub_peeraddr; @@ -646,7 +651,7 @@ static char *alloc_sub_basic(const char *smb_name, const char *domain_name, break; case 'M' : a_string = realloc_string_sub(a_string, "%M", - sub_peername); + sub_peername ? sub_peername : ""); break; case 'R' : a_string = realloc_string_sub(a_string, "%R", remote_proto); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 8ac0511..db68ace 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -64,6 +64,12 @@ static void smbd_set_server_fd(int fd) * name, default to its address. */ + if (sconn->client_id.name != NULL && + sconn->client_id.name != sconn->client_id.addr) { + talloc_free(discard_const_p(char, sconn->client_id.name)); + sconn->client_id.name = NULL; + } + client_addr(fd, sconn->client_id.addr, sizeof(sconn->client_id.addr)); name = client_name(sconn->sock); -- Samba Shared Repository