wok rev 19962
samba: CVE-2017-7494
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Mon May 29 18:14:44 2017 +0200 (2017-05-29) |
parents | 29880ea81c05 |
children | 49b17cd62229 |
files | samba/receipt samba/stuff/CVE-2017-7494.u |
line diff
1.1 --- a/samba/receipt Sun May 28 19:09:06 2017 +0200 1.2 +++ b/samba/receipt Mon May 29 18:14:44 2017 +0200 1.3 @@ -22,6 +22,7 @@ 1.4 # Rules to configure and make the package. 1.5 compile_rules() 1.6 { 1.7 + patch -p0 < $stuff/CVE-2017-7494.u 1.8 cd $src/source3 1.9 ./configure --prefix=/usr --infodir=/usr/share/info \ 1.10 --with-piddir=/var/run/samba --with-lockdir=/var/run/samba \
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/samba/stuff/CVE-2017-7494.u Mon May 29 18:14:44 2017 +0200 2.3 @@ -0,0 +1,15 @@ 2.4 +CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside 2.5 +--- source3/rpc_server/srv_pipe.c 2.6 ++++ source3/rpc_server/srv_pipe.c 2.7 +@@ -384,6 +384,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax) 2.8 + { 2.9 + NTSTATUS status; 2.10 + 2.11 ++ if (strchr(pipename, '/')) { 2.12 ++ DEBUG(1, ("Refusing open on pipe %s\n", pipename)); 2.13 ++ return false; 2.14 ++ } 2.15 ++ 2.16 + if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { 2.17 + DEBUG(10, ("refusing spoolss access\n")); 2.18 + return false;