~ubuntu-branches/ubuntu/intrepid/samba/intrepid-proposed

Viewing changes to debian/patches/fix-old-nas-sigseg.patch

Committer: Bazaar Package Importer
Author(s): Chuck Short
Date: 2009-01-12 13:40:17 UTC
mfrom: (56.1.2 intrepid-security)
Revision ID: james.westby@ubuntu.com-20090112134017-2jig6l99ut2cp7qz

Tags: 2:3.2.3-1ubuntu3.5

* debian/patches/fix-libnss-sigabrt.patch: Fix sigabort when using
  wins client. Taken from upstream. (LP: #286119)
* debian/patches/ Fix sigsev when using old NAS devices. Taken
  from upstream. Thanks to Thierry Carrez for tracking this down.
  (LP: #264943)

files added:
debian/patches/fix-libnss-sigabrt.patch

debian/patches/fix-old-nas-sigseg.patch

debian/patches/security-CVE-2008-4314.patch

debian/patches/security-CVE-2009-0022.patch

files modified:
debian/changelog

debian/patches/series

debian/rules

Show diffs side-by-side

added added

removed removed

debian/patches/fix-old-nas-sigseg.patch

diff -Naur samba-3.2.3.orig/source/lib/system.c samba-3.2.3/source/lib/system.c

--- samba-3.2.3.orig/source/lib/system.c 2008-08-27 07:23:20.000000000 -0400

+++ samba-3.2.3/source/lib/system.c 2009-01-12 13:53:35.000000000 -0500

@@ -142,6 +142,20 @@

}

/*******************************************************************

+A writev wrapper that will deal with EINTR.

+********************************************************************/

+ssize_t sys_writev(int fd, const struct iovec *iov, int iovcnt)

+ ssize_t ret;

+ do {

+ ret = writev(fd, iov, iovcnt);

+ } while (ret == -1 && errno == EINTR);

+ return ret;

+/*******************************************************************

A pread wrapper that will deal with EINTR and 64-bit file offsets.

********************************************************************/

diff -Naur samba-3.2.3.orig/source/lib/util_sock.c samba-3.2.3/source/lib/util_sock.c

--- samba-3.2.3.orig/source/lib/util_sock.c 2008-08-27 07:23:20.000000000 -0400

+++ samba-3.2.3/source/lib/util_sock.c 2009-01-12 13:53:35.000000000 -0500

@@ -1037,40 +1037,109 @@

}

/****************************************************************************

- Write data to a fd.

+ Write all data from an iov array

****************************************************************************/

-ssize_t write_data(int fd, const char *buffer, size_t N)

+ssize_t write_data_iov(int fd, const struct iovec *orig_iov, int iovcnt)

{

- size_t total=0;

- ssize_t ret;

- char addr[INET6_ADDRSTRLEN];

+ int i;

+ size_t to_send;

+ ssize_t thistime;

+ size_t sent;

+ struct iovec *iov_copy, *iov;

+ to_send = 0;

+ for (i=0; i<iovcnt; i++) {

+ to_send += orig_iov[i].iov_len;

+ }

+ thistime = sys_writev(fd, orig_iov, iovcnt);

+ if ((thistime <= 0) || (thistime == to_send)) {

+ return thistime;

+ }

+ sent = thistime;

- while (total < N) {

- ret = sys_write(fd,buffer + total,N - total);

+ /*

+ * We could not send everything in one call. Make a copy of iov that

+ * we can mess with. We keep a copy of the array start in iov_copy for

+ * the TALLOC_FREE, because we're going to modify iov later on,

+ * discarding elements.

+ */

- if (ret == -1) {

- if (fd == get_client_fd()) {

- /* Try and give an error message saying

- * what client failed. */

- DEBUG(0,("write_data: write failure in "

- "writing to client %s. Error %s\n",

- get_peer_addr(fd,addr,sizeof(addr)),

- strerror(errno) ));

- } else {

- DEBUG(0,("write_data: write failure. "

- "Error = %s\n", strerror(errno) ));

+ iov_copy = (struct iovec *)TALLOC_MEMDUP(

+ talloc_tos(), orig_iov, sizeof(struct iovec) * iovcnt);

+ if (iov_copy == NULL) {

+ errno = ENOMEM;

+ return -1;

+ }

+ iov = iov_copy;

+ while (sent < to_send) {

+ /*

+ * We have to discard "thistime" bytes from the beginning

+ * iov array, "thistime" contains the number of bytes sent

+ * via writev last.

+ */

+ while (thistime > 0) {

+ if (thistime < iov[0].iov_len) {

+ char *new_base =

+ (char *)iov[0].iov_base + thistime;

+ iov[0].iov_base = new_base;

+ iov[0].iov_len -= thistime;

100

+ break;

101

}

102

- return -1;

103

+ thistime -= iov[0].iov_len;

104

+ iov += 1;

105

+ iovcnt -= 1;

106

}

107

108

- if (ret == 0) {

109

- return total;

110

+ thistime = sys_writev(fd, iov, iovcnt);

111

+ if (thistime <= 0) {

112

+ break;

113

}

114

+ sent += thistime;

115

+ }

116

117

+ TALLOC_FREE(iov_copy);

118

+ return sent;

119

120

121

- total += ret;

122

+/****************************************************************************

123

+ Write data to a fd.

124

+****************************************************************************/

125

126

+/****************************************************************************

127

+ Write data to a fd.

128

+****************************************************************************/

129

130

+ssize_t write_data(int fd, const char *buffer, size_t N)

131

132

+ ssize_t ret;

133

+ struct iovec iov;

134

135

+ iov.iov_base = CONST_DISCARD(char *, buffer);

136

+ iov.iov_len = N;

137

138

+ ret = write_data_iov(fd, &iov, 1);

139

+ if (ret >= 0) {

140

+ return ret;

141

+ }

142

143

+ if (fd == get_client_fd()) {

144

+ char addr[INET6_ADDRSTRLEN];

145

+ /*

146

+ * Try and give an error message saying what client failed.

147

+ */

148

+ DEBUG(0, ("write_data: write failure in writing to client %s. "

149

+ "Error %s\n", get_peer_addr(fd,addr,sizeof(addr)),

150

+ strerror(errno)));

151

+ } else {

152

+ DEBUG(0,("write_data: write failure. Error = %s\n",

153

+ strerror(errno) ));

154

}

155

- return (ssize_t)total;

156

157

+ return -1;

158

}

159

160

/****************************************************************************

161

diff -Naur samba-3.2.3.orig/source/libsmb/clientgen.c samba-3.2.3/source/libsmb/clientgen.c

162

--- samba-3.2.3.orig/source/libsmb/clientgen.c 2008-08-27 07:23:20.000000000 -0400

163

+++ samba-3.2.3/source/libsmb/clientgen.c 2009-01-12 13:53:35.000000000 -0500

164

@@ -315,7 +315,7 @@

165

/* First length to send is the offset to the data. */

166

size_t len = SVAL(cli->outbuf,smb_vwv11) + 4;

167

size_t nwritten=0;

168

- ssize_t ret;

169

+ struct iovec iov[2];

170

171

/* fd == -1 causes segfaults -- Tom (tom@ninja.nl) */

172

if (cli->fd == -1) {

173

@@ -327,33 +327,19 @@

174

return false;

175

}

176

177

- while (nwritten < len) {

178

- ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);

179

- if (ret <= 0) {

180

- close(cli->fd);

181

- cli->fd = -1;

182

- cli->smb_rw_error = SMB_WRITE_ERROR;

183

- DEBUG(0,("Error writing %d bytes to client. %d (%s)\n",

184

- (int)len,(int)ret, strerror(errno) ));

185

- return false;

186

- }

187

- nwritten += ret;

188

- }

189

+ iov[0].iov_base = cli->outbuf;

190

+ iov[0].iov_len = len;

191

+ iov[1].iov_base = CONST_DISCARD(char *, p);

192

+ iov[1].iov_len = extradata;

193

194

- /* Now write the extra data. */

195

- nwritten=0;

196

- while (nwritten < extradata) {

197

- ret = write_socket(cli->fd,p+nwritten,extradata - nwritten);

198

- if (ret <= 0) {

199

- close(cli->fd);

200

- cli->fd = -1;

201

- cli->smb_rw_error = SMB_WRITE_ERROR;

202

- DEBUG(0,("Error writing %d extradata "

203

- "bytes to client. %d (%s)\n",

204

- (int)extradata,(int)ret, strerror(errno) ));

205

- return false;

206

- }

207

- nwritten += ret;

208

+ nwritten = write_data_iov(cli->fd, iov, 2);

209

+ if (nwritten < (len + extradata)) {

210

+ close(cli->fd);

211

+ cli->fd = -1;

212

+ cli->smb_rw_error = SMB_WRITE_ERROR;

213

+ DEBUG(0,("Error writing %d bytes to client. (%s)\n",

214

+ (int)(len+extradata), strerror(errno)));

215

+ return false;

216

}

217

218

/* Increment the mid so we can tell between responses. */

219

diff -Naur samba-3.2.3.orig/source/libsmb/clilist.c samba-3.2.3/source/libsmb/clilist.c

220

--- samba-3.2.3.orig/source/libsmb/clilist.c 2008-08-27 07:23:20.000000000 -0400

221

+++ samba-3.2.3/source/libsmb/clilist.c 2009-01-12 13:53:35.000000000 -0500

222

@@ -79,16 +79,17 @@

223

p += 27;

224

p += clistr_align_in(cli, p, 0);

225

226

- /* We can safely use +1 here (which is required by OS/2)

227

- * instead of +2 as the STR_TERMINATE flag below is

228

+ /* We can safely use len here (which is required by OS/2)

229

+ * and the NAS-BASIC server instead of +2 or +1 as the

230

+ * STR_TERMINATE flag below is

231

* actually used as the length calculation.

232

- * The len+2 is merely an upper bound.

233

+ * The len is merely an upper bound.

234

* Due to the explicit 2 byte null termination

235

* in cli_receive_trans/cli_receive_nt_trans

236

* we know this is safe. JRA + kukks

237

238

239

- if (p + len + 1 > pdata_end) {

240

+ if (p + len > pdata_end) {

241

return pdata_end - base;

242

}

243

Older »