mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-04 14:39:54 +00:00
samba: CVE-2020-14383 Security Advisory
References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383 Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Zheng Ruoqin
Khem Raj
@@ -0,0 +1,112 @@
|
|||||||
|
From ff17443fe761eda864d13957bec45f5bac478fe3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
|
||||||
|
Date: Fri, 11 Dec 2020 14:34:31 +0900
|
||||||
|
Subject: [PATCH] CVE-2020-14383: s4/dns: Ensure variable initialization with
|
||||||
|
NULL. do not crash when additional data not found
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Found by Francis Brosnan Blázquez <francis@aspl.es>.
|
||||||
|
Based on patches from Francis Brosnan Blázquez <francis@aspl.es>
|
||||||
|
and Jeremy Allison <jra@samba.org>
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
|
||||||
|
|
||||||
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
||||||
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
|
||||||
|
Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
|
||||||
|
|
||||||
|
(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379)
|
||||||
|
(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e
|
||||||
|
|
||||||
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
|
||||||
|
---
|
||||||
|
.../rpc_server/dnsserver/dcerpc_dnsserver.c | 31 ++++++++++---------
|
||||||
|
1 file changed, 17 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
|
||||||
|
index 910de9a1..618c7096 100644
|
||||||
|
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
|
||||||
|
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
|
||||||
|
@@ -1754,15 +1754,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||||
|
TALLOC_CTX *tmp_ctx;
|
||||||
|
char *name;
|
||||||
|
const char * const attrs[] = { "name", "dnsRecord", NULL };
|
||||||
|
- struct ldb_result *res;
|
||||||
|
- struct DNS_RPC_RECORDS_ARRAY *recs;
|
||||||
|
+ struct ldb_result *res = NULL;
|
||||||
|
+ struct DNS_RPC_RECORDS_ARRAY *recs = NULL;
|
||||||
|
char **add_names = NULL;
|
||||||
|
- char *rname;
|
||||||
|
+ char *rname = NULL;
|
||||||
|
const char *preference_name = NULL;
|
||||||
|
int add_count = 0;
|
||||||
|
int i, ret, len;
|
||||||
|
WERROR status;
|
||||||
|
- struct dns_tree *tree, *base, *node;
|
||||||
|
+ struct dns_tree *tree = NULL;
|
||||||
|
+ struct dns_tree *base = NULL;
|
||||||
|
+ struct dns_tree *node = NULL;
|
||||||
|
|
||||||
|
tmp_ctx = talloc_new(mem_ctx);
|
||||||
|
W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
|
||||||
|
@@ -1845,15 +1847,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- talloc_free(res);
|
||||||
|
- talloc_free(tree);
|
||||||
|
- talloc_free(name);
|
||||||
|
+ TALLOC_FREE(res);
|
||||||
|
+ TALLOC_FREE(tree);
|
||||||
|
+ TALLOC_FREE(name);
|
||||||
|
|
||||||
|
/* Add any additional records */
|
||||||
|
if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
|
||||||
|
for (i=0; i<add_count; i++) {
|
||||||
|
- struct dnsserver_zone *z2;
|
||||||
|
-
|
||||||
|
+ struct dnsserver_zone *z2 = NULL;
|
||||||
|
+ struct ldb_message *msg = NULL;
|
||||||
|
/* Search all the available zones for additional name */
|
||||||
|
for (z2 = dsstate->zones; z2; z2 = z2->next) {
|
||||||
|
char *encoded_name;
|
||||||
|
@@ -1865,14 +1867,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||||
|
LDB_SCOPE_ONELEVEL, attrs,
|
||||||
|
"(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
|
||||||
|
encoded_name);
|
||||||
|
- talloc_free(name);
|
||||||
|
+ TALLOC_FREE(name);
|
||||||
|
if (ret != LDB_SUCCESS) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (res->count == 1) {
|
||||||
|
+ msg = res->msgs[0];
|
||||||
|
break;
|
||||||
|
} else {
|
||||||
|
- talloc_free(res);
|
||||||
|
+ TALLOC_FREE(res);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -1885,10 +1888,10 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
|
||||||
|
}
|
||||||
|
status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
|
||||||
|
select_flag, rname,
|
||||||
|
- res->msgs[0], 0, recs,
|
||||||
|
+ msg, 0, recs,
|
||||||
|
NULL, NULL);
|
||||||
|
- talloc_free(rname);
|
||||||
|
- talloc_free(res);
|
||||||
|
+ TALLOC_FREE(rname);
|
||||||
|
+ TALLOC_FREE(res);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
|
|
||||||
@@ -29,6 +29,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
|
|||||||
file://0001-Add-options-to-configure-the-use-of-libbsd.patch \
|
file://0001-Add-options-to-configure-the-use-of-libbsd.patch \
|
||||||
file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \
|
file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \
|
||||||
file://CVE-2020-14318.patch \
|
file://CVE-2020-14318.patch \
|
||||||
|
file://CVE-2020-14383.patch \
|
||||||
"
|
"
|
||||||
SRC_URI_append_libc-musl = " \
|
SRC_URI_append_libc-musl = " \
|
||||||
file://samba-pam.patch \
|
file://samba-pam.patch \
|
||||||
|
|||||||
Reference in New Issue
Block a user