GoboLinux Downloads Documentation Community Recipes Screenshots

GoboLinux Recipe & Package Search Tool

36 versions of Samba.

ProgramAgeSizeByWWWSummary
Samba 4.6.1-r1 970  2962 Demi...
Tools to access to a server's filespace and printers via SMB.
Samba 4.6.0-r2 979  2912 Luca...
Tools to access to a server's filespace and printers via SMB.
Samba 3.6.16-r1 2333  2654 Luca...
Tools to access to a server's filespace and printers via SMB.
Samba 3.4.4-r1 3569  1892 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.4.1-r1 3618  1865 Cosm...
Tools to access to a server's filespace and printers via SMB.
Samba 3.3.4-r1 3855  1932 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.3.3-r1 3866  1939 Giam...
Tools to access to a server's filespace and printers via SMB.
Samba 3.3.2-r1 3893  1916 Nick...
Tools to access to a server's filespace and printers via SMB.
Samba 3.2.4-r1 3915  1944 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.2.2-r1 3915  1935 Giam...
Tools to access to a server's filespace and printers via SMB.
Samba 3.2.1-r1 3915  1956 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.2.0-r1 3915  1951 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.30-r1 3915  1825 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.29-r2 3915  3961 Jona...
Tools to access to a server's filespace and printers via SMB.
view entry at GitHub | download recipe.bz2 file
01-CVE-2008-1105.patch
Recipe
Resources/BuildInformation
Resources/Dependencies
Resources/Description
Resources/Tasks/Samba
commit 7e191387d64de2c965fc2c999bc7d1ccf4aae010
Author: Gerald W. Carter <jerry@samba.org>
Date:   Wed May 28 07:30:19 2008 -0500

    Security: Patche for CVE-2008-1105.
    
        -- Summary --
        Specifically crafted SMB responses can result
        in a heap overflow in the Samba client code.
        Because the server process, smbd, can itself
        act as a client during operations such as
        printer notification and domain authentication,
        this issue affects both Samba client and server
        installations.
    
    Ensure that we specify the buffer size used to store incoming SMB
    packets.  This bug was originally introduced in Samba 2.2.4.  Patch from
    Jeremy Allison.

diff --git a/source/client/client.c b/source/client/client.c
index 3f96f63..e87623a 100644
--- a/source/client/client.c
+++ b/source/client/client.c
@@ -3626,7 +3626,7 @@ static void readline_callback(void)
 	   session keepalives and then drop them here.
 	*/
 	if (FD_ISSET(cli->fd,&fds)) {
-		if (!receive_smb(cli->fd,cli->inbuf,0)) {
+		if (!receive_smb(cli->fd,cli->inbuf,cli->bufsize,0)) {
 			DEBUG(0, ("Read from server failed, maybe it closed the "
 				"connection\n"));
 			return;
diff --git a/source/client/smbctool.c b/source/client/smbctool.c
index 2063418..a18505b 100644
--- a/source/client/smbctool.c
+++ b/source/client/smbctool.c
@@ -3304,7 +3304,7 @@ static void readline_callback(void)
 	   session keepalives and then drop them here.
 	*/
 	if (FD_ISSET(cli->fd,&fds)) {
-		receive_smb(cli->fd,cli->inbuf,0);
+		receive_smb(cli->fd,cli->inbuf,cli->bufsize,0);
 		goto again;
 	}
 	  
diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c
index 94c5e82..4715ca7 100644
--- a/source/lib/util_sock.c
+++ b/source/lib/util_sock.c
@@ -654,14 +654,13 @@ ssize_t read_smb_length(int fd, char *inbuf, unsigned int timeout)
 }
 
 /****************************************************************************
- Read an smb from a fd. Note that the buffer *MUST* be of size
- BUFFER_SIZE+SAFETY_MARGIN.
+ Read an smb from a fd. 
  The timeout is in milliseconds. 
  This function will return on receipt of a session keepalive packet.
  Doesn't check the MAC on signed packets.
 ****************************************************************************/
 
-BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout)
+BOOL receive_smb_raw(int fd, char *buffer, size_t buflen, unsigned int timeout)
 {
 	ssize_t len,ret;
 
@@ -682,25 +681,18 @@ BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout)
 		return False;
 	}
 
-	/*
-	 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
-	 * of header. Don't print the error if this fits.... JRA.
-	 */
-
-	if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
+	if (len > buflen) {
 		DEBUG(0,("Invalid packet length! (%lu bytes).\n",(unsigned long)len));
-		if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
 
-			/*
-			 * Correct fix. smb_read_error may have already been
-			 * set. Only set it here if not already set. Global
-			 * variables still suck :-). JRA.
-			 */
+		/*
+		 * smb_read_error may have already been
+		 * set. Only set it here if not already set. Global
+		 * variables still suck :-). JRA.
+		 */
 
-			if (smb_read_error == 0)
-				smb_read_error = READ_ERROR;
-			return False;
-		}
+		if (smb_read_error == 0)
+			smb_read_error = READ_ERROR;
+		return False;
 	}
 
 	if(len > 0) {
@@ -730,9 +722,9 @@ BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout)
  Checks the MAC on signed packets.
 ****************************************************************************/
 
-BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
+BOOL receive_smb(int fd, char *buffer, size_t buflen, unsigned int timeout)
 {
-	if (!receive_smb_raw(fd, buffer, timeout)) {
+	if (!receive_smb_raw(fd, buffer, buflen, timeout)) {
 		return False;
 	}
 
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c
index c6cef08..7d7ab9e 100644
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -44,8 +44,7 @@ int cli_set_port(struct cli_state *cli, int port)
 }
 
 /****************************************************************************
- Read an smb from a fd ignoring all keepalive packets. Note that the buffer 
- *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN.
+ Read an smb from a fd ignoring all keepalive packets.
  The timeout is in milliseconds
 
  This is exactly the same as receive_smb except that it never returns
@@ -54,12 +53,12 @@ int cli_set_port(struct cli_state *cli, int port)
  should never go into a blocking read.
 ****************************************************************************/
 
-static BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout)
+static BOOL client_receive_smb(int fd,char *buffer, size_t bufsize, unsigned int \
timeout)
 {
 	BOOL ret;
 
 	for(;;) {
-		ret = receive_smb_raw(fd, buffer, timeout);
+		ret = receive_smb_raw(fd, buffer, bufsize, timeout);
 
 		if (!ret) {
 			DEBUG(10,("client_receive_smb failed\n"));
@@ -88,7 +87,7 @@ BOOL cli_receive_smb(struct cli_state *cli)
 		return False; 
 
  again:
-	ret = client_receive_smb(cli->fd,cli->inbuf,cli->timeout);
+	ret = client_receive_smb(cli->fd,cli->inbuf, cli->bufsize, cli->timeout);
 	
 	if (ret) {
 		/* it might be an oplock break request */
diff --git a/source/smbd/process.c b/source/smbd/process.c
index 8dec719..3d31c29 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -521,7 +521,8 @@ static BOOL receive_message_or_smb(char *buffer, int buffer_len, \
int timeout)
 		goto again;
 	}
 
-	return receive_smb(smbd_server_fd(), buffer, 0);
+	return receive_smb(smbd_server_fd(), buffer,
+			BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE, 0);
 }
 
 /*
diff --git a/source/utils/smbfilter.c b/source/utils/smbfilter.c
index 97d2223..2152e53 100644
--- a/source/utils/smbfilter.c
+++ b/source/utils/smbfilter.c
@@ -140,7 +140,7 @@ static void filter_child(int c, struct in_addr dest_ip)
 		if (num <= 0) continue;
 		
 		if (c != -1 && FD_ISSET(c, &fds)) {
-			if (!receive_smb(c, packet, 0)) {
+			if (!receive_smb(c, packet, BUFFER_SIZE, 0)) {
 				d_printf("client closed connection\n");
 				exit(0);
 			}
@@ -151,7 +151,7 @@ static void filter_child(int c, struct in_addr dest_ip)
 			}			
 		}
 		if (s != -1 && FD_ISSET(s, &fds)) {
-			if (!receive_smb(s, packet, 0)) {
+			if (!receive_smb(s, packet, BUFFER_SIZE, 0)) {
 				d_printf("server closed connection\n");
 				exit(0);
 			}
Samba 3.0.28a-r1 3915  1846 Luca...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.28-r2 3915  1791 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.27a-r1 3915  1525 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.26a-r1 3915  1519 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.25c-r1 3915  1538 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.25b-r2 3915  1525 Ansh...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.25a-r3 3915  1649 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.25-r1 3915  1565 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.23d-r2 3915  1434 Andr...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.23c-r2 3915  1487 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.22-r1 3915  1301 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.21c-r1 3915  1296 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.21b-r1 3915  1301 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.21a-r1 3915  1298 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.20b-r1 3915  1267 Rafa...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.14a-r1 3915  1271 Jona...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.11-r1 3915  1192 Andr...
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.10-r1 3915  1255 roko
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.9-r1 3915  1327 roko
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.5-r1 3915  1086
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.4-r1 3915  991
Tools to access to a server's filespace and printers via SMB.
Samba 3.0.0-r1 3915  4525
Tools to access to a server's filespace and printers via SMB.