diff options
Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch')
-rw-r--r-- | meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch new file mode 100644 index 0000000000..3341b80a38 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch @@ -0,0 +1,112 @@ +From ff17443fe761eda864d13957bec45f5bac478fe3 Mon Sep 17 00:00:00 2001 +From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +Date: Fri, 11 Dec 2020 14:34:31 +0900 +Subject: [PATCH] CVE-2020-14383: s4/dns: Ensure variable initialization with + NULL. do not crash when additional data not found +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Francis Brosnan Blázquez <francis@aspl.es>. +Based on patches from Francis Brosnan Blázquez <francis@aspl.es> +and Jeremy Allison <jra@samba.org> + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472 +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795 + +Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> +Reviewed-by: Jeremy Allison <jra@samba.org> + +Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> +Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184 + +(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379) +(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e + +Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +--- + .../rpc_server/dnsserver/dcerpc_dnsserver.c | 31 ++++++++++--------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +index 910de9a1..618c7096 100644 +--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c ++++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +@@ -1754,15 +1754,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + TALLOC_CTX *tmp_ctx; + char *name; + const char * const attrs[] = { "name", "dnsRecord", NULL }; +- struct ldb_result *res; +- struct DNS_RPC_RECORDS_ARRAY *recs; ++ struct ldb_result *res = NULL; ++ struct DNS_RPC_RECORDS_ARRAY *recs = NULL; + char **add_names = NULL; +- char *rname; ++ char *rname = NULL; + const char *preference_name = NULL; + int add_count = 0; + int i, ret, len; + WERROR status; +- struct dns_tree *tree, *base, *node; ++ struct dns_tree *tree = NULL; ++ struct dns_tree *base = NULL; ++ struct dns_tree *node = NULL; + + tmp_ctx = talloc_new(mem_ctx); + W_ERROR_HAVE_NO_MEMORY(tmp_ctx); +@@ -1845,15 +1847,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + } + } + +- talloc_free(res); +- talloc_free(tree); +- talloc_free(name); ++ TALLOC_FREE(res); ++ TALLOC_FREE(tree); ++ TALLOC_FREE(name); + + /* Add any additional records */ + if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) { + for (i=0; i<add_count; i++) { +- struct dnsserver_zone *z2; +- ++ struct dnsserver_zone *z2 = NULL; ++ struct ldb_message *msg = NULL; + /* Search all the available zones for additional name */ + for (z2 = dsstate->zones; z2; z2 = z2->next) { + char *encoded_name; +@@ -1865,14 +1867,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))", + encoded_name); +- talloc_free(name); ++ TALLOC_FREE(name); + if (ret != LDB_SUCCESS) { + continue; + } + if (res->count == 1) { ++ msg = res->msgs[0]; + break; + } else { +- talloc_free(res); ++ TALLOC_FREE(res); + continue; + } + } +@@ -1885,10 +1888,10 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + } + status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A, + select_flag, rname, +- res->msgs[0], 0, recs, ++ msg, 0, recs, + NULL, NULL); +- talloc_free(rname); +- talloc_free(res); ++ TALLOC_FREE(rname); ++ TALLOC_FREE(res); + } + } + +-- +2.25.1 + |