[samba/f19] Fix winbind cache keysize limitations.
Guenther Deschner
gd at fedoraproject.org
Tue Nov 26 11:47:38 UTC 2013
commit 7a0ccdd37dbfdf7846fa863139ebc110379c1dc6
Author: Günther Deschner <gd at samba.org>
Date: Tue Nov 26 12:47:01 2013 +0100
Fix winbind cache keysize limitations.
resolves: #1030964
Guenther
samba-4.1.2-winbind_cache_keysize.patch | 41 +++++++++++++++++++++++++++++++
samba.spec | 7 ++++-
2 files changed, 47 insertions(+), 1 deletions(-)
---
diff --git a/samba-4.1.2-winbind_cache_keysize.patch b/samba-4.1.2-winbind_cache_keysize.patch
new file mode 100644
index 0000000..fd4b505
--- /dev/null
+++ b/samba-4.1.2-winbind_cache_keysize.patch
@@ -0,0 +1,41 @@
+From 944e9fbc20f125b52e047484dca1792d75561ed9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
+Date: Wed, 13 Nov 2013 15:10:33 +0100
+Subject: [PATCH] s3-winbindd: Fix #10264, cache_traverse_validate_fn failure
+ for NDR cache entries.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We need to increase the keysize limit for NDR queries. A wbint_LookupSids query
+for just 20 sids already hits the older limit.
+
+Guenther
+
+https://bugzilla.samba.org/show_bug.cgi?id=10264
+Signed-off-by: Günther Deschner <gd at samba.org>
+Reviewed-by: Michael Adam <obnox at samba.org>
+
+Autobuild-User(master): Michael Adam <obnox at samba.org>
+Autobuild-Date(master): Wed Nov 13 19:33:46 CET 2013 on sn-devel-104
+---
+ source3/winbindd/winbindd_cache.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
+index 91c19fa..267cefc 100644
+--- a/source3/winbindd/winbindd_cache.c
++++ b/source3/winbindd/winbindd_cache.c
+@@ -4065,7 +4065,8 @@ static int cache_traverse_validate_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_D
+ struct tdb_validation_status *v_state = (struct tdb_validation_status *)state;
+
+ /* Paranoia check. */
+- if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0) {
++ if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0 ||
++ strncmp("NDR/", (const char *)kbuf.dptr, 4) == 0) {
+ max_key_len = 1024 * 1024;
+ }
+ if (kbuf.dsize > max_key_len) {
+--
+1.8.3.1
+
diff --git a/samba.spec b/samba.spec
index 99c1c36..fe4b1af 100644
--- a/samba.spec
+++ b/samba.spec
@@ -1,7 +1,7 @@
# Set --with testsuite or %bcond_without to run the Samba torture testsuite.
%bcond_with testsuite
-%define main_release 1
+%define main_release 2
%define samba_version 4.0.11
%define talloc_version 2.0.7
@@ -79,6 +79,7 @@ Source200: README.dc
Source201: README.downgrade
Patch3: samba-4.1.0rc1-fix_wbinfo_krb5ccname.patch
+Patch4: samba-4.1.2-winbind_cache_keysize.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -471,6 +472,7 @@ module necessary to communicate to the Winbind Daemon
%prep
%setup -q -n samba-%{version}%{pre_release}
%patch3 -p1
+%patch4 -p1 -b .samba-4.1.2-winbind_cache_keysize.patch
%build
%global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -1524,6 +1526,9 @@ rm -rf %{buildroot}
%{_mandir}/man8/pam_winbind.8*
%changelog
+* Tue Nov 26 2013 - Guenther Deschner <gdeschner at redhat.com> 2:4.0.11-2
+- resolves: #1030964 - Fix winbind cache keysize limitations.
+
* Mon Nov 11 2013 - Andreas Schneider <asn at redhat.com> 2:4.0.11-1
- resolves: #1024544 - Fix CVE-2013-4475.
More information about the scm-commits
mailing list