diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2016-04-16 20:06:34 +0000 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2016-04-16 20:06:34 +0000 |
commit | 1414f1647d435a7eda48d9433a022286a46d9097 (patch) | |
tree | 633f8ca00f7284130188a3f6e8e65025009f9ff2 /package/network/services/samba36/patches/250-remove_domain_logon.patch | |
parent | 894aed060ee15dafea19d94157adddf38ff8e2e7 (diff) | |
download | upstream-1414f1647d435a7eda48d9433a022286a46d9097.tar.gz upstream-1414f1647d435a7eda48d9433a022286a46d9097.tar.bz2 upstream-1414f1647d435a7eda48d9433a022286a46d9097.zip |
samba: fix some security problems
This fixes the following security problems:
* CVE-2015-7560
* CVE-2015-5370
* CVE-2016-2110
* CVE-2016-2111
* CVE-2016-2112
* CVE-2016-2115
* CVE-2016-2118
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 49175
Diffstat (limited to 'package/network/services/samba36/patches/250-remove_domain_logon.patch')
-rw-r--r-- | package/network/services/samba36/patches/250-remove_domain_logon.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/package/network/services/samba36/patches/250-remove_domain_logon.patch b/package/network/services/samba36/patches/250-remove_domain_logon.patch index f7582ef3bd..9b434c515a 100644 --- a/package/network/services/samba36/patches/250-remove_domain_logon.patch +++ b/package/network/services/samba36/patches/250-remove_domain_logon.patch @@ -183,3 +183,31 @@ /* * Force a log file check. +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -421,10 +421,12 @@ static bool check_bind_req(struct pipes_ + if (ok) { + context_fns->allow_connect = false; + } ++#ifdef NETLOGON_SUPPORT + ok = ndr_syntax_id_equal(abstract, &ndr_table_netlogon.syntax_id); + if (ok) { + context_fns->allow_connect = false; + } ++#endif + /* + * for the epmapper and echo interfaces we allow "connect" + * auth_level by default. +--- a/source3/rpc_client/cli_pipe.c ++++ b/source3/rpc_client/cli_pipe.c +@@ -2221,6 +2221,10 @@ static void rpc_pipe_bind_step_two_trigg + struct schannel_state); + struct tevent_req *subreq; + ++#ifndef NETLOGON_SUPPORT ++ tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL); ++ return; ++#endif + if (schannel_auth == NULL || + !ndr_syntax_id_equal(&state->cli->abstract_syntax, + &ndr_table_netlogon.syntax_id)) { |