2
# Description: fix credentials file disclosure and unauthorized usage via setuid mount.cifs
3
# Patch: http://www.samba.org/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-1.patch
4
# Patch: http://www.samba.org/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-2.patch
6
diff -Nur samba-3.4.0/source3/client/mount.cifs.c samba-3.4.0.new/source3/client/mount.cifs.c
7
--- samba-3.4.0/source3/client/mount.cifs.c 2009-07-03 07:21:14.000000000 -0400
8
+++ samba-3.4.0.new/source3/client/mount.cifs.c 2009-09-29 08:34:44.000000000 -0400
14
+ i = access(file_name, R_OK);
18
fs = fopen(file_name,"r");
24
if(filename != NULL) {
25
+ rc = access(filename, R_OK);
27
+ fprintf(stderr, "mount.cifs failed: access check of %s failed: %s\n",
28
+ filename, strerror(errno));
31
file_descript = open(filename, O_RDONLY);
32
if(file_descript < 0) {
33
printf("mount.cifs failed. %s attempting to open password file %s\n",
39
- printf("parsing options: %s\n", data);
41
/* BB fixme check for separator override BB */
45
} else if (strncmp(data, "pass", 4) == 0) {
46
if (!value || !*value) {
48
- printf("\npassword specified twice, ignoring second\n");
49
+ fprintf(stderr, "\npassword specified twice, ignoring second\n");
52
- } else if (strnlen(value, 17) < 17) {
54
- printf("\nmount.cifs warning - password specified twice\n");
56
+ } else if (strnlen(value, MOUNT_PASSWD_SIZE) < MOUNT_PASSWD_SIZE) {
58
+ fprintf(stderr, "\nmount.cifs warning - password specified twice\n");
60
+ mountpassword = strndup(value, MOUNT_PASSWD_SIZE);
61
+ if (!mountpassword) {
62
+ fprintf(stderr, "mount.cifs error: %s", strerror(ENOMEM));
69
- printf("password too long\n");
70
+ fprintf(stderr, "password too long\n");
75
} else if (strncmp(data, "sec", 3) == 0) {
77
if (!strncmp(value, "none", 4) ||
78
@@ -1384,15 +1401,6 @@
79
strlcat(options,domain_name,options_size);
83
- /* Commas have to be doubled, or else they will
84
- look like the parameter separator */
85
-/* if(sep is not set)*/
87
- check_for_comma(&mountpassword);
88
- strlcat(options,",pass=",options_size);
89
- strlcat(options,mountpassword,options_size);
92
strlcat(options,",ver=",options_size);
93
strlcat(options,MOUNT_CIFS_VERSION_MAJOR,options_size);
95
strlcat(options,",prefixpath=",options_size);
96
strlcat(options,prefixpath,options_size); /* no need to cat the / */
99
- printf("\nmount.cifs kernel mount options %s \n",options);
101
/* convert all '\\' to '/' in share portion so that /proc/mounts looks pretty */
102
replace_char(dev_name, '\\', '/', strlen(share_name));
103
@@ -1438,6 +1444,25 @@
108
+ fprintf(stderr, "\nmount.cifs kernel mount options: %s", options);
110
+ if (mountpassword) {
112
+ * Commas have to be doubled, or else they will
113
+ * look like the parameter separator
116
+ check_for_comma(&mountpassword);
117
+ strlcat(options,",pass=",options_size);
118
+ strlcat(options,mountpassword,options_size);
120
+ fprintf(stderr, ",pass=********");
124
+ fprintf(stderr, "\n");
126
if (!fakemnt && mount(dev_name, mountpoint, "cifs", flags, options)) {