~ubuntu-branches/ubuntu/intrepid/samba/intrepid-updates

Viewing changes to debian/patches/upstream_bug5517.patch

Committer: Bazaar Package Importer
Author(s): Jamie Strandboge
Date: 2008-06-30 09:17:40 UTC
Revision ID: james.westby@ubuntu.com-20080630091740-nwz9mmtszc27aeur

Tags: 2:3.0.30-2ubuntu3

* debian/patches/upstream_bug5517.patch: adjust cli_negprot() to properly
  calculate buffer sizes. This bug was introduced in the fix for
  CVE-2008-1105
* References
  LP: #241448
  https://bugzilla.samba.org/show_bug.cgi?id=5517

files added:
debian/patches/upstream_bug5517.patch

files modified:
debian/changelog

debian/patches/series

Show diffs side-by-side

added added

removed removed

debian/patches/upstream_bug5517.patch

diff -Nur samba-3.0.30/source/libsmb/cliconnect.c samba-3.0.30.new/source/libsmb/cliconnect.c

--- samba-3.0.30/source/libsmb/cliconnect.c 2008-05-28 08:41:11.000000000 -0400

+++ samba-3.0.30.new/source/libsmb/cliconnect.c 2008-06-30 09:17:06.000000000 -0400

@@ -1328,9 +1328,9 @@

if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {

SAFE_FREE(cli->outbuf);

SAFE_FREE(cli->inbuf);

- cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);

- cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);

- cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;

+ cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);

+ cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);

+ cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;

}

} else if (cli->protocol >= PROTOCOL_LANMAN1) {

Older »