wok-stable rev 12463

samba: CVE-2017-7494
author Pascal Bellard <pascal.bellard@slitaz.org>
date Mon May 29 18:19:51 2017 +0200 (23 months ago)
parents 258b8d3b3004
children 1614ddef4ae7
files samba/receipt samba/stuff/CVE-2017-7494.u
line diff
     1.1 --- a/samba/receipt	Fri Apr 28 11:22:14 2017 +0200
     1.2 +++ b/samba/receipt	Mon May 29 18:19:51 2017 +0200
     1.3 @@ -20,6 +20,7 @@
     1.4  # Rules to configure and make the package.
     1.5  compile_rules()
     1.6  {
     1.7 +	patch -p0 < $stuff/CVE-2017-7494.u
     1.8  	cd $src/source3
     1.9  	./configure --prefix=/usr --infodir=/usr/share/info \
    1.10  	--with-piddir=/var/run/samba --with-lockdir=/var/run/samba \
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/samba/stuff/CVE-2017-7494.u	Mon May 29 18:19:51 2017 +0200
     2.3 @@ -0,0 +1,15 @@
     2.4 +CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
     2.5 +--- source3/rpc_server/srv_pipe.c
     2.6 ++++ source3/rpc_server/srv_pipe.c
     2.7 +@@ -1102,6 +1102,11 @@
     2.8 + 		pipename += 1;
     2.9 + 	}
    2.10 + 
    2.11 ++	if (strchr(pipename, '/')) {
    2.12 ++		DEBUG(1, ("Refusing open on pipe %s\n", pipename));
    2.13 ++		return false;
    2.14 ++	}
    2.15 ++
    2.16 + 	if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
    2.17 + 		DEBUG(10, ("refusing spoolss access\n"));
    2.18 + 		return false;