author | Tiziano Müller <dev-zero@gentoo.org> | 2008-02-27 19:19:49 +0000 |
---|---|---|
committer | Tiziano Müller <dev-zero@gentoo.org> | 2008-02-27 19:19:49 +0000 |
commit | a1044a41187b250704839e08c28318f5ac77a522 (patch) | |
tree | 76e1b9c478ad0e803583bbd7adf43b0481253fd5 /net-fs/samba/files | |
parent | Version bump (diff) | |
Fixed double pam_*.so installation (bug #207021, thanks to flameeyes). Dropped old version and patches.
(Portage version: 2.1.4.4)
Diffstat (limited to 'net-fs/samba/files')
-rw-r--r-- | net-fs/samba/files/3.0.24-heap_overflow_v2.patch | 785 | ||||
-rw-r--r-- | net-fs/samba/files/3.0.24-shell_escape.patch | 252 | ||||
-rw-r--r-- | net-fs/samba/files/3.0.24-sid2name_elevation_v2.patch | 168 |
3 files changed, 0 insertions, 1205 deletions
diff --git a/net-fs/samba/files/3.0.24-heap_overflow_v2.patch b/net-fs/samba/files/3.0.24-heap_overflow_v2.patch
deleted file mode 100644
index 54b5cbbc2dae..000000000000
--- a/net-fs/samba/files/3.0.24-heap_overflow_v2.patch
+++ /dev/null
@@ -1,785 +0,0 @@ -Index: samba-3.0.24/source/include/smb_macros.h -=================================================================== ---- samba-3.0.24.orig/source/include/smb_macros.h 2006-04-19 21:29:39.000000000 -0500 -+++ samba-3.0.24/source/include/smb_macros.h 2007-05-25 12:40:05.000000000 -0500 -@@ -310,7 +310,6 @@ - #if defined(PARANOID_MALLOC_CHECKER) - - #define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem_((ps),sizeof(type),(count)) --#define PRS_ALLOC_MEM_VOID(ps, size) prs_alloc_mem_((ps),(size),1) - - /* Get medieval on our ass about malloc.... */ - -@@ -354,7 +353,6 @@ - #define __location__ __FILE__ ":" __LINESTR__ - - #define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem((ps),sizeof(type),(count)) --#define PRS_ALLOC_MEM_VOID(ps, size) prs_alloc_mem((ps),(size),1) - - /* Regular malloc code. */ - -Index: samba-3.0.24/source/rpc_parse/parse_dfs.c -=================================================================== ---- samba-3.0.24.orig/source/rpc_parse/parse_dfs.c 2007-02-04 12:59:22.000000000 -0600 -+++ samba-3.0.24/source/rpc_parse/parse_dfs.c 2007-05-25 12:40:05.000000000 -0500 -@@ -325,7 +325,9 @@ - return False; - - if (UNMARSHALLING(ps)) { -- v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores); -+ v->stores = PRS_ALLOC_MEM(ps,NETDFS_DFS_STORAGEINFO,v->num_stores); -+ if (!v->stores) -+ return False; - } - for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) { - if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth)) -@@ -447,7 +449,9 @@ - return False; - - if (UNMARSHALLING(ps)) { -- v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores); -+ v->stores = PRS_ALLOC_MEM(ps,NETDFS_DFS_STORAGEINFO,v->num_stores); -+ if (!v->stores) -+ return False; - } - for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) { - if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth)) -@@ -920,7 +924,9 @@ - return False; - - if (UNMARSHALLING(ps)) { 
-- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); -+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO1,v->count); -+ if (!v->s) -+ return False; - } - for (i_s_1=0; i_s_1<v->count;i_s_1++) { - if (!netdfs_io_dfs_Info1_p("s", &v->s[i_s_1], ps, depth)) -@@ -986,7 +992,9 @@ - return False; - - if (UNMARSHALLING(ps)) { -- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); -+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO2,v->count); -+ if (!v->s) -+ return False; - } - for (i_s_1=0; i_s_1<v->count;i_s_1++) { - if (!netdfs_io_dfs_Info2_p("s", &v->s[i_s_1], ps, depth)) -@@ -1052,7 +1060,9 @@ - return False; - - if (UNMARSHALLING(ps)) { -- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); -+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO3,v->count); -+ if (!v->s) -+ return False; - } - for (i_s_1=0; i_s_1<v->count;i_s_1++) { - if (!netdfs_io_dfs_Info3_p("s", &v->s[i_s_1], ps, depth)) -@@ -1118,7 +1128,9 @@ - return False; - - if (UNMARSHALLING(ps)) { -- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); -+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO4,v->count); -+ if (!v->s) -+ return False; - } - for (i_s_1=0; i_s_1<v->count;i_s_1++) { - if (!netdfs_io_dfs_Info4_p("s", &v->s[i_s_1], ps, depth)) -@@ -1184,7 +1196,9 @@ - return False; - - if (UNMARSHALLING(ps)) { -- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); -+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO200,v->count); -+ if (!v->s) -+ return False; - } - for (i_s_1=0; i_s_1<v->count;i_s_1++) { - if (!netdfs_io_dfs_Info200_p("s", &v->s[i_s_1], ps, depth)) -@@ -1250,7 +1264,9 @@ - return False; - - if (UNMARSHALLING(ps)) { -- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); -+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO300,v->count); -+ if (!v->s) -+ return False; - } - for (i_s_1=0; i_s_1<v->count;i_s_1++) { - if (!netdfs_io_dfs_Info300_p("s", &v->s[i_s_1], ps, depth)) -Index: samba-3.0.24/source/rpc_parse/parse_lsa.c 
-=================================================================== ---- samba-3.0.24.orig/source/rpc_parse/parse_lsa.c 2007-02-04 12:59:22.000000000 -0600 -+++ samba-3.0.24/source/rpc_parse/parse_lsa.c 2007-05-25 12:41:06.000000000 -0500 -@@ -1171,7 +1171,7 @@ - - /* Mallocate memory if we're unpacking from the wire */ - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && sen->num_entries) { - if ((sen->ptr_sid = PRS_ALLOC_MEM( ps, uint32, sen->num_entries)) == NULL) { - DEBUG(3, ("init_lsa_sid_enum(): out of memory for " - "ptr_sid\n")); -@@ -1349,12 +1349,17 @@ - &trn->num_entries2)) - return False; - -- if (UNMARSHALLING(ps)) { -- if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries)) == NULL) { -+ if (trn->num_entries2 != trn->num_entries) { -+ /* RPC fault */ -+ return False; -+ } -+ -+ if (UNMARSHALLING(ps) && trn->num_entries2) { -+ if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries2)) == NULL) { - return False; - } - -- if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries)) == NULL) { -+ if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries2)) == NULL) { - return False; - } - } -@@ -1406,12 +1411,17 @@ - &trn->num_entries2)) - return False; - -- if (UNMARSHALLING(ps)) { -- if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries)) == NULL) { -+ if (trn->num_entries2 != trn->num_entries) { -+ /* RPC fault */ -+ return False; -+ } -+ -+ if (UNMARSHALLING(ps) && trn->num_entries2) { -+ if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries2)) == NULL) { - return False; - } - -- if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries)) == NULL) { -+ if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries2)) == NULL) { - return False; - } - } -@@ -1678,7 +1688,7 @@ - return False; - } - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && out->num_entries2) { - if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID, out->num_entries2)) - == NULL) { - DEBUG(3, 
("lsa_io_r_lookup_names(): out of memory\n")); -@@ -1803,7 +1813,7 @@ - return False; - } - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && out->num_entries2) { - if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID2, out->num_entries2)) - == NULL) { - DEBUG(3, ("lsa_io_r_lookup_names2(): out of memory\n")); -@@ -1956,7 +1966,7 @@ - return False; - } - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && out->num_entries2) { - if ((out->trans_sids = PRS_ALLOC_MEM(ps, LSA_TRANSLATED_SID3, out->num_entries2)) - == NULL) { - DEBUG(3, ("lsa_io_r_lookup_names3(): out of memory\n")); -@@ -2085,7 +2095,7 @@ - return False; - } - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && out->num_entries2) { - if ((out->trans_sids = PRS_ALLOC_MEM(ps, LSA_TRANSLATED_SID3, out->num_entries2)) - == NULL) { - DEBUG(3, ("lsa_io_r_lookup_names4(): out of memory\n")); -@@ -2324,7 +2334,7 @@ - if(!prs_uint32("count1", ps, depth, &out->count1)) - return False; - -- if (UNMARSHALLING(ps)) -+ if (UNMARSHALLING(ps) && out->count1) - if (!(out->privs = PRS_ALLOC_MEM(ps, LSA_PRIV_ENTRY, out->count1))) - return False; - -@@ -2759,7 +2769,7 @@ - - static BOOL lsa_io_privilege_set(const char *desc, PRIVILEGE_SET *out, prs_struct *ps, int depth) - { -- uint32 i; -+ uint32 i, dummy; - - prs_debug(ps, depth, desc, "lsa_io_privilege_set"); - depth++; -@@ -2767,7 +2777,7 @@ - if(!prs_align(ps)) - return False; - -- if(!prs_uint32("count", ps, depth, &out->count)) -+ if(!prs_uint32("count", ps, depth, &dummy)) - return False; - if(!prs_uint32("control", ps, depth, &out->control)) - return False; -@@ -3886,7 +3896,7 @@ - prs_debug(ps, depth, desc, "smb_io_lsa_data_buf"); - depth++; - -- if ( UNMARSHALLING(ps) ) { -+ if ( UNMARSHALLING(ps) && length ) { - if ( !(buf->data = PRS_ALLOC_MEM( ps, uint8, length )) ) - return False; - } -@@ -3900,7 +3910,7 @@ - if (!prs_uint32("length", ps, depth, &buf->length)) - return False; - -- if(!prs_uint8s(False, "data", ps, depth, buf->data, size)) -+ 
if(!prs_uint8s(False, "data", ps, depth, buf->data, length)) - return False; - - return True; -Index: samba-3.0.24/source/rpc_parse/parse_prs.c -=================================================================== ---- samba-3.0.24.orig/source/rpc_parse/parse_prs.c 2007-02-04 12:59:22.000000000 -0600 -+++ samba-3.0.24/source/rpc_parse/parse_prs.c 2007-05-25 12:41:06.000000000 -0500 -@@ -156,7 +156,7 @@ - { - char *ret = NULL; - -- if (size) { -+ if (size && count) { - /* We can't call the type-safe version here. */ - ret = _talloc_zero_array(ps->mem_ctx, size, count, "parse_prs"); - } -@@ -642,9 +642,13 @@ - return True; - - if (UNMARSHALLING(ps)) { -- if ( !(*data = PRS_ALLOC_MEM_VOID(ps, data_size)) ) -- return False; -- } -+ if (data_size) { -+ if ( !(*data = (void *)PRS_ALLOC_MEM(ps, char, data_size)) ) -+ return False; -+ } else { -+ *data = NULL; -+ } -+ } - - return prs_fn(name, ps, depth, *data); - } -@@ -1014,16 +1018,16 @@ - if (q == NULL) - return False; - -+ /* If the string is empty, we don't have anything to stream */ -+ if (str->buf_len==0) -+ return True; -+ - if (UNMARSHALLING(ps)) { - str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len); - if (str->buffer == NULL) - return False; - } - -- /* If the string is empty, we don't have anything to stream */ -- if (str->buf_len==0) -- return True; -- - p = (char *)str->buffer; - - dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len); -@@ -1053,6 +1057,8 @@ - buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len); - if ( buf->buffer == NULL ) - return False; -+ } else { -+ buf->buffer = NULL; - } - } - -@@ -1080,9 +1086,13 @@ - if (str->str_str_len > str->str_max_len) { - return False; - } -- str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len); -- if (str->buffer == NULL) -- return False; -+ if (str->str_max_len) { -+ str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len); -+ if (str->buffer == NULL) -+ return False; -+ } else { -+ str->buffer = NULL; -+ } - } - - if 
(UNMARSHALLING(ps)) { -@@ -1127,9 +1137,13 @@ - if (str->uni_str_len > str->uni_max_len) { - return False; - } -- str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len); -- if (str->buffer == NULL) -- return False; -+ if (str->uni_max_len) { -+ str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len); -+ if (str->buffer == NULL) -+ return False; -+ } else { -+ str->buffer = NULL; -+ } - } - - p = (char *)str->buffer; -@@ -1154,9 +1168,13 @@ - return False; - - if (UNMARSHALLING(ps)) { -- str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len); -- if (str->str.buffer == NULL) -- return False; -+ if (str->uni_str_len) { -+ str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len); -+ if (str->str.buffer == NULL) -+ return False; -+ } else { -+ str->str.buffer = NULL; -+ } - } - - p = (char *)str->str.buffer; -Index: samba-3.0.24/source/rpc_parse/parse_sec.c -=================================================================== ---- samba-3.0.24.orig/source/rpc_parse/parse_sec.c 2005-04-18 11:38:20.000000000 -0500 -+++ samba-3.0.24/source/rpc_parse/parse_sec.c 2007-05-25 12:40:05.000000000 -0500 -@@ -122,7 +122,7 @@ - for you as it reads them. - ********************************************************************/ - --BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) -+static BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) - { - unsigned int i; - uint32 old_offset; -@@ -165,13 +165,10 @@ - return False; - - if (UNMARSHALLING(ps)) { -- /* -- * Even if the num_aces is zero, allocate memory as there's a difference -- * between a non-present DACL (allow all access) and a DACL with no ACE's -- * (allow no access). 
-- */ -- if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL) -- return False; -+ if (psa->num_aces) { -+ if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces)) == NULL) -+ return False; -+ } - } - - for (i = 0; i < psa->num_aces; i++) { -Index: samba-3.0.24/source/rpc_parse/parse_spoolss.c -=================================================================== ---- samba-3.0.24.orig/source/rpc_parse/parse_spoolss.c 2007-02-04 12:59:22.000000000 -0600 -+++ samba-3.0.24/source/rpc_parse/parse_spoolss.c 2007-05-25 12:41:06.000000000 -0500 -@@ -227,8 +227,13 @@ - if(!prs_uint32("count2", ps, depth, &type->count2)) - return False; - -- if (type->count2 != type->count) -+ if (type->count2 != type->count) { - DEBUG(4,("What a mess, count was %x now is %x !\n", type->count, type->count2)); -+ return False; -+ } -+ if (type->count2 > MAX_NOTIFY_TYPE_FOR_NOW) { -+ return False; -+ } - - /* parse the option type data */ - for(i=0;i<type->count2;i++) -@@ -252,7 +257,7 @@ - return False; - - /* reading */ -- if (UNMARSHALLING(ps)) -+ if (UNMARSHALLING(ps) && ctr->count) - if((ctr->type=PRS_ALLOC_MEM(ps,SPOOL_NOTIFY_OPTION_TYPE,ctr->count)) == NULL) - return False; - -@@ -411,7 +416,7 @@ - if(!prs_uint32("string length", ps, depth, &data->notify_data.data.length)) - return False; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && data->notify_data.data.length) { - data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, - data->notify_data.data.length); - -@@ -430,7 +435,7 @@ - - case NOTIFY_POINTER: - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && data->notify_data.data.length) { - data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, - data->notify_data.data.length); - -@@ -490,9 +495,13 @@ - - /* Tallocate memory for string */ - -- data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, x * 2); -- if (!data->notify_data.data.string) -- return False; -+ if (x) { -+ data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, x * 2); -+ if 
(!data->notify_data.data.string) -+ return False; -+ } else { -+ data->notify_data.data.string = NULL; -+ } - - if(!prs_uint16uni(True,"string",ps,depth,data->notify_data.data.string,x)) - return False; -@@ -5931,14 +5940,14 @@ - case REG_BINARY: - case REG_DWORD: - case REG_MULTI_SZ: -- if (q_u->max_len) { -- if (UNMARSHALLING(ps)) -- q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len); -- if(q_u->data == NULL) -- return False; -- if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len)) -- return False; -- } -+ if (q_u->max_len) { -+ if (UNMARSHALLING(ps)) -+ q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len); -+ if(q_u->data == NULL) -+ return False; -+ if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len)) -+ return False; -+ } - if(!prs_align(ps)) - return False; - break; -@@ -6956,7 +6965,7 @@ - - /* first loop to write basic enum_value information */ - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && ctr->size_of_array) { - ctr->values = PRS_ALLOC_MEM(ps, PRINTER_ENUM_VALUES, ctr->size_of_array); - if (!ctr->values) - return False; -Index: samba-3.0.24/source/libads/authdata.c -=================================================================== ---- samba-3.0.24.orig/source/libads/authdata.c 2006-02-23 10:29:34.000000000 -0600 -+++ samba-3.0.24/source/libads/authdata.c 2007-05-25 12:41:06.000000000 -0500 -@@ -120,10 +120,14 @@ - return False; - - if (UNMARSHALLING(ps)) { -- array->krb_sid_and_attrs = PRS_ALLOC_MEM(ps, KRB_SID_AND_ATTRS, num); -- if (!array->krb_sid_and_attrs) { -- DEBUG(3, ("No memory available\n")); -- return False; -+ if (num) { -+ array->krb_sid_and_attrs = PRS_ALLOC_MEM(ps, KRB_SID_AND_ATTRS, num); -+ if (!array->krb_sid_and_attrs) { -+ DEBUG(3, ("No memory available\n")); -+ return False; -+ } -+ } else { -+ array->krb_sid_and_attrs = NULL; - } - } - -@@ -184,10 +188,14 @@ - return False; - - if (UNMARSHALLING(ps)) { -- array->group_membership = PRS_ALLOC_MEM(ps, GROUP_MEMBERSHIP, num); -- if 
(!array->group_membership) { -- DEBUG(3, ("No memory available\n")); -- return False; -+ if (num) { -+ array->group_membership = PRS_ALLOC_MEM(ps, GROUP_MEMBERSHIP, num); -+ if (!array->group_membership) { -+ DEBUG(3, ("No memory available\n")); -+ return False; -+ } -+ } else { -+ array->group_membership = NULL; - } - } - -@@ -456,10 +464,14 @@ - return False; - - if (UNMARSHALLING(ps) && length) { -- data->signature.buffer = PRS_ALLOC_MEM(ps, uint8, siglen); -- if (!data->signature.buffer) { -- DEBUG(3, ("No memory available\n")); -- return False; -+ if (siglen) { -+ data->signature.buffer = PRS_ALLOC_MEM(ps, uint8, siglen); -+ if (!data->signature.buffer) { -+ DEBUG(3, ("No memory available\n")); -+ return False; -+ } -+ } else { -+ data->signature.buffer = NULL; - } - } - -Index: samba-3.0.24/source/registry/regfio.c -=================================================================== ---- samba-3.0.24.orig/source/registry/regfio.c 2007-02-04 12:59:26.000000000 -0600 -+++ samba-3.0.24/source/registry/regfio.c 2007-05-25 12:41:06.000000000 -0500 -@@ -642,8 +642,12 @@ - return False; - - if ( UNMARSHALLING(&hbin->ps) ) { -- if ( !(lf->hashes = PRS_ALLOC_MEM( &hbin->ps, REGF_HASH_REC, lf->num_keys )) ) -- return False; -+ if (lf->num_keys) { -+ if ( !(lf->hashes = PRS_ALLOC_MEM( &hbin->ps, REGF_HASH_REC, lf->num_keys )) ) -+ return False; -+ } else { -+ lf->hashes = NULL; -+ } - } - - for ( i=0; i<lf->num_keys; i++ ) { -Index: samba-3.0.24/source/rpc_parse/parse_net.c -=================================================================== ---- samba-3.0.24.orig/source/rpc_parse/parse_net.c 2007-02-04 12:59:22.000000000 -0600 -+++ samba-3.0.24/source/rpc_parse/parse_net.c 2007-05-25 12:41:06.000000000 -0500 -@@ -1721,9 +1721,13 @@ - } - - if (UNMARSHALLING(ps)) { -- usr->gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_groups); -- if (usr->gids == NULL) -- return False; -+ if (usr->num_groups) { -+ usr->gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_groups); -+ if (usr->gids == 
NULL) -+ return False; -+ } else { -+ usr->gids = NULL; -+ } - } - - for (i = 0; i < usr->num_groups; i++) { -@@ -1756,10 +1760,15 @@ - return False; - - if (UNMARSHALLING(ps)) { -- usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids); -- usr->other_sids_attrib = -- PRS_ALLOC_MEM(ps, uint32, usr->num_other_sids); -- -+ if (usr->num_other_sids) { -+ usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids); -+ usr->other_sids_attrib = -+ PRS_ALLOC_MEM(ps, uint32, usr->num_other_sids); -+ } else { -+ usr->other_sids = NULL; -+ usr->other_sids_attrib = NULL; -+ } -+ - if ((num_other_sids != 0) && - ((usr->other_sids == NULL) || - (usr->other_sids_attrib == NULL))) -Index: samba-3.0.24/source/rpc_parse/parse_samr.c -=================================================================== ---- samba-3.0.24.orig/source/rpc_parse/parse_samr.c 2007-02-04 12:59:22.000000000 -0600 -+++ samba-3.0.24/source/rpc_parse/parse_samr.c 2007-05-25 12:41:06.000000000 -0500 -@@ -3337,7 +3337,7 @@ - if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3)) - return False; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && r_u->num_entries2) { - r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2); - r_u->uni_dom_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2); - } -@@ -3476,7 +3476,7 @@ - if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3)) - return False; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && r_u->num_entries2) { - r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2); - r_u->uni_grp_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2); - } -@@ -4980,12 +4980,13 @@ - return False; - } - -- if (UNMARSHALLING(ps)) -+ if (UNMARSHALLING(ps) && r_u->num_rids2) { - r_u->rids = PRS_ALLOC_MEM(ps, uint32, r_u->num_rids2); - -- if (!r_u->rids) { -- DEBUG(0, ("NULL rids in samr_io_r_lookup_names\n")); -- return False; -+ if (!r_u->rids) { -+ DEBUG(0, ("NULL rids in samr_io_r_lookup_names\n")); -+ return False; -+ } - } - - for (i 
= 0; i < r_u->num_rids2; i++) { -@@ -5009,12 +5010,13 @@ - return False; - } - -- if (UNMARSHALLING(ps)) -+ if (UNMARSHALLING(ps) && r_u->num_types2) { - r_u->types = PRS_ALLOC_MEM(ps, uint32, r_u->num_types2); - -- if (!r_u->types) { -- DEBUG(0, ("NULL types in samr_io_r_lookup_names\n")); -- return False; -+ if (!r_u->types) { -+ DEBUG(0, ("NULL types in samr_io_r_lookup_names\n")); -+ return False; -+ } - } - - for (i = 0; i < r_u->num_types2; i++) { -Index: samba-3.0.24/source/rpc_parse/parse_srv.c -=================================================================== ---- samba-3.0.24.orig/source/rpc_parse/parse_srv.c 2005-04-18 11:38:20.000000000 -0500 -+++ samba-3.0.24/source/rpc_parse/parse_srv.c 2007-05-25 12:41:06.000000000 -0500 -@@ -782,7 +782,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info0 = PRS_ALLOC_MEM(ps, SRV_SHARE_INFO_0, num_entries))) - return False; - ctr->share.info0 = info0; -@@ -808,7 +808,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info1 = PRS_ALLOC_MEM(ps, SRV_SHARE_INFO_1, num_entries))) - return False; - ctr->share.info1 = info1; -@@ -834,7 +834,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info2 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_2,num_entries))) - return False; - ctr->share.info2 = info2; -@@ -859,7 +859,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info501 = PRS_ALLOC_MEM(ps, SRV_SHARE_INFO_501, num_entries))) - return False; - ctr->share.info501 = info501; -@@ -884,7 +884,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info502 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_502,num_entries))) - return False; - 
ctr->share.info502 = info502; -@@ -910,7 +910,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info1004 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1004,num_entries))) - return False; - ctr->share.info1004 = info1004; -@@ -936,7 +936,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info1005 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1005,num_entries))) - return False; - ctr->share.info1005 = info1005; -@@ -956,7 +956,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info1006 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1006,num_entries))) - return False; - ctr->share.info1006 = info1006; -@@ -976,7 +976,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info1007 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1007,num_entries))) - return False; - ctr->share.info1007 = info1007; -@@ -1002,7 +1002,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info1501 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1501,num_entries))) - return False; - ctr->share.info1501 = info1501; -@@ -2558,7 +2558,7 @@ - int num_entries = ctr->num_entries; - int i; - -- if (UNMARSHALLING(ps)) { -+ if (UNMARSHALLING(ps) && num_entries) { - if (!(info3 = PRS_ALLOC_MEM(ps, SRV_FILE_INFO_3, num_entries))) - return False; - ctr->file.info3 = info3; -@@ -3377,7 +3377,7 @@ - - r_n->disk_enum_ctr.entries_read = entries_read3; - -- if(UNMARSHALLING(ps)) { -+ if(UNMARSHALLING(ps) && entries_read3) { - - DISK_INFO *dinfo; - -@@ -3386,7 +3386,7 @@ - r_n->disk_enum_ctr.disk_info = dinfo; - } - -- for(i=0; i < r_n->disk_enum_ctr.entries_read; i++) { -+ for(i=0; i < entries_read3; i++) { - - if(!prs_uint32("unknown", ps, depth, 
&r_n->disk_enum_ctr.disk_info[i].unknown)) - return False;
diff --git a/net-fs/samba/files/3.0.24-shell_escape.patch b/net-fs/samba/files/3.0.24-shell_escape.patch
deleted file mode 100644
index dc7fd94ebddd..000000000000
--- a/net-fs/samba/files/3.0.24-shell_escape.patch
+++ /dev/null
@@ -1,252 +0,0 @@ -Only in source-orig/: configure -diff -u -r source-orig/lib/charcnv.c source/lib/charcnv.c ---- source-orig/lib/charcnv.c 2006-04-19 19:29:23.000000000 -0700 -+++ source/lib/charcnv.c 2007-05-10 09:59:49.023262000 -0700 -@@ -1398,5 +1398,5 @@ - /* We're hosed - we don't know how big this is... */ - DEBUG(10,("next_mb_char_size: unknown size at string %s\n", s)); - conv_silent = False; -- return 1; -+ return (size_t)-1; - } -diff -u -r source-orig/lib/smbrun.c source/lib/smbrun.c ---- source-orig/lib/smbrun.c 2006-04-19 19:29:23.000000000 -0700 -+++ source/lib/smbrun.c 2007-05-10 09:57:03.305061000 -0700 -@@ -55,7 +55,7 @@ - outfd (or discard it if outfd is NULL). - ****************************************************************************/ - --int smbrun(const char *cmd, int *outfd) -+static int smbrun_internal(const char *cmd, int *outfd, BOOL sanitize) - { - pid_t pid; - uid_t uid = current_user.ut.uid; -@@ -173,13 +173,36 @@ - } - #endif - -- execl("/bin/sh","sh","-c",cmd,NULL); -+ { -+ const char *newcmd = sanitize ? escape_shell_string(cmd) : cmd; -+ if (!newcmd) { -+ exit(82); -+ } -+ execl("/bin/sh","sh","-c",newcmd,NULL); -+ } - - /* not reached */ -- exit(82); -+ exit(83); - return 1; - } - -+/**************************************************************************** -+ Use only in known safe shell calls (printing). -+****************************************************************************/ -+ -+int smbrun_no_sanitize(const char *cmd, int *outfd) -+{ -+ return smbrun_internal(cmd, outfd, False); -+} -+ -+/**************************************************************************** -+ By default this now sanitizes shell expansion. 
-+****************************************************************************/ -+ -+int smbrun(const char *cmd, int *outfd) -+{ -+ return smbrun_internal(cmd, outfd, True); -+} - - /**************************************************************************** - run a command being careful about uid/gid handling and putting the output in -@@ -302,7 +325,7 @@ - #endif - - execl("/bin/sh", "sh", "-c", cmd, NULL); -- -+ - /* not reached */ - exit(82); - return 1; -diff -u -r source-orig/lib/util_str.c source/lib/util_str.c ---- source-orig/lib/util_str.c 2007-02-04 10:59:17.000000000 -0800 -+++ source/lib/util_str.c 2007-05-10 09:59:36.718762000 -0700 -@@ -2426,3 +2426,165 @@ - return True; - } - -+ -+/******************************************************************* -+ Add a shell escape character '\' to any character not in a known list -+ of characters. UNIX charset format. -+*******************************************************************/ -+ -+#define INCLUDE_LIST "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t.," -+#define INSIDE_DQUOTE_LIST "$`\n\"\\" -+ -+char *escape_shell_string(const char *src) -+{ -+ size_t srclen = strlen(src); -+ char *ret = SMB_MALLOC((srclen * 2) + 1); -+ char *dest = ret; -+ BOOL in_s_quote = False; -+ BOOL in_d_quote = False; -+ BOOL next_escaped = False; -+ -+ if (!ret) { -+ return NULL; -+ } -+ -+ while (*src) { -+ size_t c_size = next_mb_char_size(src); -+ -+ if (c_size == (size_t)-1) { -+ SAFE_FREE(ret); -+ return NULL; -+ } -+ -+ if (c_size > 1) { -+ memcpy(dest, src, c_size); -+ src += c_size; -+ dest += c_size; -+ next_escaped = False; -+ continue; -+ } -+ -+ /* -+ * Deal with backslash escaped state. -+ * This only lasts for one character. -+ */ -+ -+ if (next_escaped) { -+ *dest++ = *src++; -+ next_escaped = False; -+ continue; -+ } -+ -+ /* -+ * Deal with single quote state. The -+ * only thing we care about is exiting -+ * this state. 
-+ */ -+ -+ if (in_s_quote) { -+ if (*src == '\'') { -+ in_s_quote = False; -+ } -+ *dest++ = *src++; -+ continue; -+ } -+ -+ /* -+ * Deal with double quote state. The most -+ * complex state. We must cope with \, meaning -+ * possibly escape next char (depending what it -+ * is), ", meaning exit this state, and possibly -+ * add an \ escape to any unprotected character -+ * (listed in INSIDE_DQUOTE_LIST). -+ */ -+ -+ if (in_d_quote) { -+ if (*src == '\\') { -+ /* -+ * Next character might be escaped. -+ * We have to peek. Inside double -+ * quotes only INSIDE_DQUOTE_LIST -+ * characters are escaped by a \. -+ */ -+ -+ char nextchar; -+ -+ c_size = next_mb_char_size(&src[1]); -+ if (c_size == (size_t)-1) { -+ SAFE_FREE(ret); -+ return NULL; -+ } -+ if (c_size > 1) { -+ /* -+ * Don't escape the next char. -+ * Just copy the \. -+ */ -+ *dest++ = *src++; -+ continue; -+ } -+ -+ nextchar = src[1]; -+ -+ if (nextchar && strchr(INSIDE_DQUOTE_LIST, (int)nextchar)) { -+ next_escaped = True; -+ } -+ *dest++ = *src++; -+ continue; -+ } -+ -+ if (*src == '\"') { -+ /* Exit double quote state. */ -+ in_d_quote = False; -+ *dest++ = *src++; -+ continue; -+ } -+ -+ /* -+ * We know the character isn't \ or ", -+ * so escape it if it's any of the other -+ * possible unprotected characters. -+ */ -+ -+ if (strchr(INSIDE_DQUOTE_LIST, (int)*src)) { -+ *dest++ = '\\'; -+ } -+ *dest++ = *src++; -+ continue; -+ } -+ -+ /* -+ * From here to the end of the loop we're -+ * not in the single or double quote state. -+ */ -+ -+ if (*src == '\\') { -+ /* Next character must be escaped. */ -+ next_escaped = True; -+ *dest++ = *src++; -+ continue; -+ } -+ -+ if (*src == '\'') { -+ /* Go into single quote state. */ -+ in_s_quote = True; -+ *dest++ = *src++; -+ continue; -+ } -+ -+ if (*src == '\"') { -+ /* Go into double quote state. */ -+ in_d_quote = True; -+ *dest++ = *src++; -+ continue; -+ } -+ -+ /* Check if we need to escape the character. 
*/ -+ -+ if (!strchr(INCLUDE_LIST, (int)*src)) { -+ *dest++ = '\\'; -+ } -+ *dest++ = *src++; -+ } -+ *dest++ = '\0'; -+ return ret; -+} -diff -u -r source-orig/printing/print_generic.c source/printing/print_generic.c ---- source-orig/printing/print_generic.c 2007-02-04 10:59:13.000000000 -0800 -+++ source/printing/print_generic.c 2007-05-10 09:57:03.292061000 -0700 -@@ -58,7 +58,7 @@ - if ( do_sub && snum != -1 ) - standard_sub_snum(snum,syscmd,sizeof(syscmd)); - -- ret = smbrun(syscmd,outfd); -+ ret = smbrun_no_sanitize(syscmd,outfd); - - DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret)); -
diff --git a/net-fs/samba/files/3.0.24-sid2name_elevation_v2.patch b/net-fs/samba/files/3.0.24-sid2name_elevation_v2.patch
deleted file mode 100644
index 7bf5a1a4ca04..000000000000
--- a/net-fs/samba/files/3.0.24-sid2name_elevation_v2.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-Index: samba-3.0.24/source/lib/util_sec.c
-===================================================================
---- samba-3.0.24.orig/source/lib/util_sec.c 2007-05-25 12:36:10.000000000 -0500
-+++ samba-3.0.24/source/lib/util_sec.c 2007-05-25 12:36:38.000000000 -0500
-@@ -286,28 +286,6 @@
- }
-
- /****************************************************************************
-- Lightweight become root - no group change.
--****************************************************************************/
--
--void become_root_uid_only(void)
--{
-- save_re_uid();
-- set_effective_uid(0);
--}
--
--/****************************************************************************
-- Lightweight unbecome root - no group change. Expects we are root already,
-- saves errno across call boundary.
--****************************************************************************/
--
--void unbecome_root_uid_only(void)
--{
-- int saved_errno = errno;
-- restore_re_uid_fromroot();
-- errno = saved_errno;
--}
--
--/****************************************************************************
- save the real and effective gid for later restoration.
Used by the
- getgroups code
- ****************************************************************************/
-Index: samba-3.0.24/source/passdb/lookup_sid.c
-===================================================================
---- samba-3.0.24.orig/source/passdb/lookup_sid.c 2007-05-25 12:36:10.000000000 -0500
-+++ samba-3.0.24/source/passdb/lookup_sid.c 2007-05-25 12:36:38.000000000 -0500
-@@ -421,10 +421,10 @@
- return False;
- }
-
-- become_root_uid_only();
-+ become_root();
- result = pdb_lookup_rids(domain_sid, num_rids, rids,
- *names, *types);
-- unbecome_root_uid_only();
-+ unbecome_root();
-
- return (NT_STATUS_IS_OK(result) ||
- NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
-@@ -1085,9 +1085,9 @@
- goto done;
- }
-
-- become_root_uid_only();
-+ become_root();
- ret = pdb_uid_to_rid(uid, &rid);
-- unbecome_root_uid_only();
-+ unbecome_root();
-
- if (ret) {
- /* This is a mapped user */
-@@ -1131,9 +1131,9 @@
- goto done;
- }
-
-- become_root_uid_only();
-+ become_root();
- ret = pdb_gid_to_sid(gid, psid);
-- unbecome_root_uid_only();
-+ unbecome_root();
-
- if (ret) {
- /* This is a mapped group */
-@@ -1179,9 +1179,9 @@
- union unid_t id;
- BOOL ret;
-
-- become_root_uid_only();
-+ become_root();
- ret = pdb_sid_to_id(psid, &id, &type);
-- unbecome_root_uid_only();
-+ unbecome_root();
-
- if (ret) {
- if (type != SID_NAME_USER) {
-@@ -1259,9 +1259,9 @@
- sid_check_is_in_wellknown_domain(psid))) {
- BOOL ret;
-
-- become_root_uid_only();
-+ become_root();
- ret = pdb_getgrsid(&map, *psid);
-- unbecome_root_uid_only();
-+ unbecome_root();
-
- if (ret) {
- *pgid = map.gid;
-@@ -1273,9 +1273,9 @@
- if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
- BOOL ret;
-
-- become_root_uid_only();
-+ become_root();
- ret = pdb_sid_to_id(psid, &id, &type);
-- unbecome_root_uid_only();
-+ unbecome_root();
-
- if (ret) {
- if ((type != SID_NAME_DOM_GRP) &&
-Index: samba-3.0.24/source/smbd/uid.c
-===================================================================
---- samba-3.0.24.orig/source/smbd/uid.c 2007-05-25 12:36:28.000000000 -0500
-+++ samba-3.0.24/source/smbd/uid.c 2007-05-25 12:36:46.000000000 -0500
-@@ -151,7 +151,9 @@
- char group_c;
- BOOL must_free_token = False;
- NT_USER_TOKEN *token = NULL;
--
-+ int num_groups = 0;
-+ gid_t *group_list = NULL;
-+
- if (!conn) {
- DEBUG(2,("change_to_user: Connection not open\n"));
- return(False);
-@@ -190,14 +192,14 @@
- if (conn->force_user) /* security = share sets this too */ {
- uid = conn->uid;
- gid = conn->gid;
-- current_user.ut.groups = conn->groups;
-- current_user.ut.ngroups = conn->ngroups;
-+ group_list = conn->groups;
-+ num_groups = conn->ngroups;
- token = conn->nt_user_token;
- } else if (vuser) {
- uid = conn->admin_user ? 0 : vuser->uid;
- gid = vuser->gid;
-- current_user.ut.ngroups = vuser->n_groups;
-- current_user.ut.groups = vuser->groups;
-+ num_groups = vuser->n_groups;
-+ group_list = vuser->groups;
- token = vuser->nt_user_token;
- } else {
- DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
-@@ -230,8 +232,8 @@
- */
-
- int i;
-- for (i = 0; i < current_user.ut.ngroups; i++) {
-- if (current_user.ut.groups[i] == conn->gid) {
-+ for (i = 0; i < num_groups; i++) {
-+ if (group_list[i] == conn->gid) {
- gid = conn->gid;
- gid_to_sid(&token->user_sids[1], gid);
- break;
-@@ -243,6 +245,12 @@
- }
- }
-
-+ /* Now set current_user since we will immediately also call
-+ set_sec_ctx() */
-+
-+ current_user.ut.ngroups = num_groups;
-+ current_user.ut.groups = group_list;
-+
- set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
- token);
- |