wok-6.x rev 19962

samba: CVE-2017-7494
author Pascal Bellard <pascal.bellard@slitaz.org>
date Mon May 29 18:14:44 2017 +0200 (2017-05-29)
parents 29880ea81c05
children 49b17cd62229
files samba/receipt samba/stuff/CVE-2017-7494.u
line diff
     1.1 --- a/samba/receipt	Sun May 28 19:09:06 2017 +0200
     1.2 +++ b/samba/receipt	Mon May 29 18:14:44 2017 +0200
     1.3 @@ -22,6 +22,7 @@
     1.4  # Rules to configure and make the package.
     1.5  compile_rules()
     1.6  {
     1.7 +	patch -p0 < $stuff/CVE-2017-7494.u
     1.8  	cd $src/source3
     1.9  	./configure --prefix=/usr --infodir=/usr/share/info \
    1.10  	--with-piddir=/var/run/samba --with-lockdir=/var/run/samba \
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/samba/stuff/CVE-2017-7494.u	Mon May 29 18:14:44 2017 +0200
     2.3 @@ -0,0 +1,15 @@
     2.4 +CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
     2.5 +--- source3/rpc_server/srv_pipe.c
     2.6 ++++ source3/rpc_server/srv_pipe.c
     2.7 +@@ -384,6 +384,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
     2.8 + {
     2.9 + 	NTSTATUS status;
    2.10 + 
    2.11 ++	if (strchr(pipename, '/')) {
    2.12 ++		DEBUG(1, ("Refusing open on pipe %s\n", pipename));
    2.13 ++		return false;
    2.14 ++	}
    2.15 ++
    2.16 + 	if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
    2.17 + 		DEBUG(10, ("refusing spoolss access\n"));
    2.18 + 		return false;