mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-22 23:12:32 +00:00
9aaa23ec8b
This Adds fixes for the following security problems based on debians patches: CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms CVE-2017-12163: Server memory information leak over SMB1 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should CVE-2018-1050: Denial of Service Attack on external print server. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
30 lines
897 B
Diff
30 lines
897 B
Diff
From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
|
|
From: Volker Lendecke <vl@samba.org>
|
|
Date: Mon, 8 May 2017 21:40:40 +0200
|
|
Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
|
|
inside
|
|
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
|
|
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
|
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
---
|
|
source3/rpc_server/srv_pipe.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
--- a/source3/rpc_server/srv_pipe.c
|
|
+++ b/source3/rpc_server/srv_pipe.c
|
|
@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_f
|
|
pipename += 1;
|
|
}
|
|
|
|
+ if (strchr(pipename, '/')) {
|
|
+ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
|
|
+ return false;
|
|
+ }
|
|
+
|
|
if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
|
|
DEBUG(10, ("refusing spoolss access\n"));
|
|
return false;
|