~ubuntu-branches/ubuntu/oneiric/samba/oneiric-security

Viewing changes to debian/patches/initialize_password_db-null-deref

  • Committer: Package Import Robot
  • Author(s): Tyler Hicks
  • Date: 2012-04-12 05:28:44 UTC
  • mfrom: (147.1.1 oneiric-proposed)
  • Revision ID: package-import@ubuntu.com-20120412052844-348q6l4dcb303sdu
Tags: 2:3.5.11~dfsg-1ubuntu2.2
* SECURITY UPDATE: Unauthenticated remote code execution via
  RPC calls (LP: #978458)
  - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code
    that uses the same value for array allocation and array length checks.
    Based on upstream patch.
  - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with
    the patched PIDL compiler
  - CVE-2012-1182

Description: Avoid null dereference in initialize_password_db()
 When initialize_password_db() is called with reload=True, it's assumed that
 the free_private_data member of pdb_methods is non-null.  This is not
 necessarily the case, as the tdb backend has no private data and therefore
 no free function.  Check to see if we have private data that needs freed
 before calling.
Author: Steve Langasek <steve.langasek@ubuntu.com>
Bug-Ubuntu: https://bugs.launchpad.net/bugs/829221
 
Index: ubuntu/source3/passdb/pdb_interface.c
===================================================================
--- ubuntu.orig/source3/passdb/pdb_interface.c
+++ ubuntu/source3/passdb/pdb_interface.c
@@ -176,7 +176,8 @@
        static struct pdb_methods *pdb = NULL;
 
        if ( pdb && reload ) {
-               pdb->free_private_data( &(pdb->private_data) );
+               if (pdb->private_data)
+                       pdb->free_private_data( &(pdb->private_data) );
                if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) {
                        char *msg = NULL;
                        if (asprintf(&msg, "pdb_get_methods_reload: "
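
Review bot: the new guard `if (pdb->private_data)` tests the data pointer, but the pointer the next line actually calls through is `pdb->free_private_data`, which the patch description names as the member that can be null. The two checks are only equivalent if every backend that sets private data also sets a free function, and nothing in this hunk enforces that. Suggest guarding on the function pointer itself, e.g. `if (pdb->free_private_data)`, or testing both members, and adding a short comment that some backends (the description cites tdb) have neither private data nor a free function.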