Date: Thu, 15 Jul 2004 23:44:29 +0200 From: "Timur I. Bakeyev" <timur@gnu.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/69131: Security update for net/samba3 Message-ID: <20040715214429.GA42878@timur.home.bat.ru> Resent-Message-ID: <200407152150.i6FLoEZW011956@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 69131 >Category: ports >Synopsis: Security update for net/samba3 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Jul 15 21:50:14 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Timur I. Bakeyev >Release: FreeBSD 5.2-CURRENT i386 >Organization: >Environment: System: FreeBSD timur.home.bat.ru 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Tue Apr 6 20:29:11 CEST 2004 root@timur.home.bat.ru:/usr/src/sys/i386/compile/COMMON i386 >Description: This patch effectivelly updates net/samba3 to 3.0.5 version, which is a security fix for the 3.0.4. >How-To-Repeat: >Fix: Attached file contains the patch against the current port. From: "Timur I. Bakeyev" <timur@com.bat.ru> To: freebsd Cc: Bcc: Subject: t Reply-To: X-Organization: RIPE Network Coordination Centre X-Phone: +31 20 535 4444 X-Fax: +31 20 535 4445 X-WWW: http://www.ripe.net --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="samba.diff" Index: Makefile =================================================================== RCS file: /home/ncvs/ports/net/samba3/Makefile,v retrieving revision 1.124 diff -u -u -r1.124 Makefile --- Makefile 3 Jul 2004 12:46:41 -0000 1.124 +++ Makefile 15 Jul 2004 21:08:20 -0000 @@ -7,7 +7,7 @@ PORTNAME= samba PORTVERSION= 3.0.4 -PORTREVISION?= 3 +PORTREVISION?= 4 PORTEPOCH?= 1 CATEGORIES?= net MASTER_SITES= ${MASTER_SITE_SAMBA} Index: files/patch-lib_util_str.c =================================================================== RCS file: /home/ncvs/ports/net/samba3/files/patch-lib_util_str.c,v retrieving revision 1.1 diff -u -u -r1.1 patch-lib_util_str.c --- files/patch-lib_util_str.c 18 May 2004 14:52:47 -0000 1.1 +++ files/patch-lib_util_str.c 15 Jul 2004 21:05:01 -0000 @@ -1,6 +1,36 @@ ---- lib/util_str.c.orig Tue Apr 20 22:42:55 2004 -+++ lib/util_str.c Fri May 14 02:02:30 2004 -@@ -1980,10 +1980,16 @@ +--- lib/util_str.c.orig Thu Jul 15 22:49:39 2004 ++++ lib/util_str.c Thu Jul 15 23:03:08 2004 +@@ -1980,7 +1980,9 @@ + s++; i++; + } + +- if (*s == '=') n -= 1; ++ if ((n > 0) && (*s == '=')) { ++ n -= 1; ++ } + + /* fix up length */ + decoded.length = n; +@@ -1993,9 +1995,15 @@ + void base64_decode_inplace(char *s) + { + DATA_BLOB decoded = base64_decode_data_blob(s); +- memcpy(s, decoded.data, decoded.length); +- /* null terminate */ +- s[decoded.length] = '\0'; ++ ++ if ( decoded.length != 0 ) { ++ memcpy(s, decoded.data, decoded.length); ++ ++ /* null terminate */ ++ s[decoded.length] = '\0'; ++ } else { ++ *s = '\0'; ++ } + + data_blob_free(&decoded); + } +@@ -2009,10 +2017,16 @@ { int bits = 0; int char_count = 0; --WIyZ46R2i8wDzkSu-- >Release-Note: >Audit-Trail: >Unformatted: --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040715214429.GA42878>