summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch59
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch79
-rw-r--r--meta-networking/recipes-connectivity/samba/samba/0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch50
-rw-r--r--meta-networking/recipes-connectivity/samba/samba_4.10.18.bb (renamed from meta-networking/recipes-connectivity/samba/samba_4.10.17.bb)7
4 files changed, 2 insertions, 193 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch b/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch
deleted file mode 100644
index e724c04bcd..0000000000
--- a/meta-networking/recipes-connectivity/samba/samba/0001-util-Simplify-input-validation.patch
+++ /dev/null
@@ -1,59 +0,0 @@
1From f9d9ba6cd06aca053c747c399ba700db80b1623c Mon Sep 17 00:00:00 2001
2From: Martin Schwenke <martin@meltin.net>
3Date: Tue, 9 Jun 2020 11:52:50 +1000
4Subject: [PATCH 1/3] util: Simplify input validation
5
6It appears that snprintf(3) is being used for input validation.
7However, this seems like overkill because it causes szPath to be
8copied an extra time. The mostly likely protections being sought
9here, according to https://cwe.mitre.org/data/definitions/20.html,
10look to be DoS attacks involving CPU and memory usage. A simpler
11check that uses strnlen(3) can mitigate against both of these and is
12simpler.
13
14Signed-off-by: Martin Schwenke <martin@meltin.net>
15Reviewed-by: Volker Lendecke <vl@samba.org>
16Reviewed-by: Bjoern Jacke <bjacke@samba.org>
17(cherry picked from commit 922bce2668994dd2a5988c17060f977e9bb0c229)
18
19Upstream-Status:Backport
20[https://gitlab.com/samba-team/samba/-/commit/f9d9ba6cd06aca053c747c399ba700db80b1623c]
21
22Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
23---
24 lib/util/util_paths.c | 9 ++++-----
25 1 file changed, 4 insertions(+), 5 deletions(-)
26
27diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
28index c0ee5c32c30..dec91772d9e 100644
29--- a/lib/util/util_paths.c
30+++ b/lib/util/util_paths.c
31@@ -69,21 +69,20 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
32 struct passwd pwd = {0};
33 struct passwd *pwdbuf = NULL;
34 char buf[NSS_BUFLEN_PASSWD] = {0};
35+ size_t len;
36 int rc;
37
38 rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
39 if (rc != 0 || pwdbuf == NULL ) {
40- int len_written;
41 const char *szPath = getenv("HOME");
42 if (szPath == NULL) {
43 return NULL;
44 }
45- len_written = snprintf(buf, sizeof(buf), "%s", szPath);
46- if (len_written >= sizeof(buf) || len_written < 0) {
47- /* Output was truncated or an error. */
48+ len = strnlen(szPath, PATH_MAX);
49+ if (len >= PATH_MAX) {
50 return NULL;
51 }
52- return talloc_strdup(mem_ctx, buf);
53+ return talloc_strdup(mem_ctx, szPath);
54 }
55
56 return talloc_strdup(mem_ctx, pwd.pw_dir);
57--
582.17.1
59
diff --git a/meta-networking/recipes-connectivity/samba/samba/0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch b/meta-networking/recipes-connectivity/samba/samba/0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch
deleted file mode 100644
index dcd79044ae..0000000000
--- a/meta-networking/recipes-connectivity/samba/samba/0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch
+++ /dev/null
@@ -1,79 +0,0 @@
1From 57bd719af1f138f44f71b2078995452582da0da6 Mon Sep 17 00:00:00 2001
2From: Martin Schwenke <martin@meltin.net>
3Date: Fri, 5 Jun 2020 21:52:23 +1000
4Subject: [PATCH 2/3] util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
5
6NSS_BUFLEN_PASSWD is not defined on FreeBSD. Use
7sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX.
8
9Use a dynamically allocated buffer instead of trying to cram all of
10the logic into the declarations. This will come in useful later
11anyway.
12
13Signed-off-by: Martin Schwenke <martin@meltin.net>
14Reviewed-by: Volker Lendecke <vl@samba.org>
15Reviewed-by: Bjoern Jacke <bjacke@samba.org>
16(cherry picked from commit 847208cd8ac68c4c7d1dae63767820db1c69292b)
17
18Upstream-Status:Backport
19[https://gitlab.com/samba-team/samba/-/commit/57bd719af1f138f44f71b2078995452582da0da6]
20
21Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
22---
23 lib/util/util_paths.c | 27 ++++++++++++++++++++++-----
24 1 file changed, 22 insertions(+), 5 deletions(-)
25
26diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
27index dec91772d9e..9bc6df37e5d 100644
28--- a/lib/util/util_paths.c
29+++ b/lib/util/util_paths.c
30@@ -68,24 +68,41 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
31 {
32 struct passwd pwd = {0};
33 struct passwd *pwdbuf = NULL;
34- char buf[NSS_BUFLEN_PASSWD] = {0};
35+ char *buf = NULL;
36+ char *out = NULL;
37+ long int initlen;
38 size_t len;
39 int rc;
40
41- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
42+ initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
43+ if (initlen == -1) {
44+ len = 1024;
45+ } else {
46+ len = (size_t)initlen;
47+ }
48+ buf = talloc_size(mem_ctx, len);
49+ if (buf == NULL) {
50+ return NULL;
51+ }
52+
53+ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
54 if (rc != 0 || pwdbuf == NULL ) {
55 const char *szPath = getenv("HOME");
56 if (szPath == NULL) {
57- return NULL;
58+ goto done;
59 }
60 len = strnlen(szPath, PATH_MAX);
61 if (len >= PATH_MAX) {
62 return NULL;
63 }
64- return talloc_strdup(mem_ctx, szPath);
65+ out = talloc_strdup(mem_ctx, szPath);
66+ goto done;
67 }
68
69- return talloc_strdup(mem_ctx, pwd.pw_dir);
70+ out = talloc_strdup(mem_ctx, pwd.pw_dir);
71+done:
72+ TALLOC_FREE(buf);
73+ return out;
74 }
75
76 char *path_expand_tilde(TALLOC_CTX *mem_ctx, const char *d)
77--
782.17.1
79
diff --git a/meta-networking/recipes-connectivity/samba/samba/0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch b/meta-networking/recipes-connectivity/samba/samba/0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch
deleted file mode 100644
index 53a3f67814..0000000000
--- a/meta-networking/recipes-connectivity/samba/samba/0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1From 016e08ca07f86af9e0131a908a2df116bcb9a48e Mon Sep 17 00:00:00 2001
2From: Martin Schwenke <martin@meltin.net>
3Date: Fri, 5 Jun 2020 22:05:42 +1000
4Subject: [PATCH 3/3] util: Reallocate larger buffer if getpwuid_r() returns
5 ERANGE
6
7Signed-off-by: Martin Schwenke <martin@meltin.net>
8Reviewed-by: Volker Lendecke <vl@samba.org>
9Reviewed-by: Bjoern Jacke <bjacke@samba.org>
10
11Autobuild-User(master): Martin Schwenke <martins@samba.org>
12Autobuild-Date(master): Tue Jun 9 21:07:24 UTC 2020 on sn-devel-184
13
14(cherry picked from commit ddac6b2eb4adaec8fc5e25ca07387d2b9417764c)
15
16Upstream-Status:Backport
17[https://gitlab.com/samba-team/samba/-/commit/016e08ca07f86af9e0131a908a2df116bcb9a48e]
18
19Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
20---
21 lib/util/util_paths.c | 13 +++++++++++++
22 1 file changed, 13 insertions(+)
23
24diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
25index 9bc6df37e5d..72cc0aab8de 100644
26--- a/lib/util/util_paths.c
27+++ b/lib/util/util_paths.c
28@@ -86,6 +86,19 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
29 }
30
31 rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
32+ while (rc == ERANGE) {
33+ size_t newlen = 2 * len;
34+ if (newlen < len) {
35+ /* Overflow */
36+ goto done;
37+ }
38+ len = newlen;
39+ buf = talloc_realloc_size(mem_ctx, buf, len);
40+ if (buf == NULL) {
41+ goto done;
42+ }
43+ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
44+ }
45 if (rc != 0 || pwdbuf == NULL ) {
46 const char *szPath = getenv("HOME");
47 if (szPath == NULL) {
48--
492.17.1
50
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.10.17.bb b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
index 3ae5afbe95..b5085c913b 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.10.17.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb
@@ -28,9 +28,6 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \
28 file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \ 28 file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \
29 file://0001-Add-options-to-configure-the-use-of-libbsd.patch \ 29 file://0001-Add-options-to-configure-the-use-of-libbsd.patch \
30 file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \ 30 file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \
31 file://0001-util-Simplify-input-validation.patch \
32 file://0002-util-Fix-build-on-FreeBSD-by-avoiding-NSS_BUFLEN_PAS.patch \
33 file://0003-util-Reallocate-larger-buffer-if-getpwuid_r-returns-.patch \
34 " 31 "
35SRC_URI_append_libc-musl = " \ 32SRC_URI_append_libc-musl = " \
36 file://samba-pam.patch \ 33 file://samba-pam.patch \
@@ -39,8 +36,8 @@ SRC_URI_append_libc-musl = " \
39 file://0001-samba-fix-musl-lib-without-innetgr.patch \ 36 file://0001-samba-fix-musl-lib-without-innetgr.patch \
40 " 37 "
41 38
42SRC_URI[md5sum] = "f69cac9ba5035ee60257520a209a0a83" 39SRC_URI[md5sum] = "f006a3d1876113e4a049015969d20fe6"
43SRC_URI[sha256sum] = "03dc9758e7bfa2faf7cdeb45b4d40997e2ee16a41e71996aa666bc069e70ba3e" 40SRC_URI[sha256sum] = "7dcfc2aaaac565b959068788e6a43fc79ce2a03e7d523f5843f7a9fddffc7c2c"
44 41
45UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.10(\.\d+)+).tar.gz" 42UPSTREAM_CHECK_REGEX = "samba\-(?P<pver>4\.10(\.\d+)+).tar.gz"
46 43
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-05-25 05:34:00 +0000