openwrt/package/network/services/samba36/patches/032-CVE-2018-1050-v3-6.patch
Hauke Mehrtens 9aaa23ec8b samba36: fix some security problems
This Adds fixes for the following security problems based on debians patches:
CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms
CVE-2017-12163: Server memory information leak over SMB1
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should
CVE-2018-1050: Denial of Service Attack on external print server.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-03 23:26:45 +02:00

50 lines
1.4 KiB
Diff

From 6cc45e3452194f312e04109cfdae047eb0719c7c Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 2 Jan 2018 15:56:03 -0800
Subject: [PATCH] CVE-2018-1050: s3: RPC: spoolss server. Protect against null
pointer derefs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source3/rpc_server/spoolss/srv_spoolss_nt.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -176,6 +176,11 @@ static void prune_printername_cache(void
static const char *canon_servername(const char *servername)
{
const char *pservername = servername;
+
+ if (servername == NULL) {
+ return "";
+ }
+
while (*pservername == '\\') {
pservername++;
}
@@ -2080,6 +2085,10 @@ WERROR _spoolss_DeletePrinterDriver(stru
return WERR_ACCESS_DENIED;
}
+ if (r->in.architecture == NULL || r->in.driver == NULL) {
+ return WERR_INVALID_ENVIRONMENT;
+ }
+
/* check that we have a valid driver name first */
if ((version = get_version_id(r->in.architecture)) == -1)
@@ -2225,6 +2234,10 @@ WERROR _spoolss_DeletePrinterDriverEx(st
return WERR_ACCESS_DENIED;
}
+ if (r->in.architecture == NULL || r->in.driver == NULL) {
+ return WERR_INVALID_ENVIRONMENT;
+ }
+
/* check that we have a valid driver name first */
if (get_version_id(r->in.architecture) == -1) {
/* this is what NT returns */