File _service:tar_scm_kernel_repo:backport-0009-CVE-2022-32743-s4-rpc_server-netlogon-Remove-dNSHost.patch of Package samba
From d07641fc5a7d2fa323e6d6fe3223da3a6d682405 Mon Sep 17 00:00:00 2001 From: Joseph Sutton <josephsutton@catalyst.net.nz> Date: Thu, 2 Jun 2022 17:11:08 +1200 Subject: [PATCH 09/15] CVE-2022-32743 s4:rpc_server/netlogon: Remove dNSHostName prefix check This check is not exhaustive (it does not check the suffix of the dNSHostName), and should be covered by a validated write check in acl_modify(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> --- selftest/knownfail.d/netlogon-dns-host-name | 5 +++++ source4/rpc_server/netlogon/dcerpc_netlogon.c | 21 ++------------------- 2 files changed, 7 insertions(+), 19 deletions(-) diff --git a/selftest/knownfail.d/netlogon-dns-host-name b/selftest/knownfail.d/netlogon-dns-host-name index 0164a7c..d6a8aa2 100644 --- a/selftest/knownfail.d/netlogon-dns-host-name +++ b/selftest/knownfail.d/netlogon-dns-host-name @@ -1,4 +1,6 @@ ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_suffix\( +^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_validated_write\( +^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_invalid_write_property\( ^samba.tests.py_credentials.samba.tests.py_credentials.PyCredentialsTests.test_set_dns_hostname_with_flag\( ^samba4.rpc.netlogon on ncacn_ip_tcp with bigendian.netlogon.GetDomainInfo\( ^samba4.rpc.netlogon on ncacn_ip_tcp with seal,padcheck.netlogon.GetDomainInfo\( 
@@ -6,6 +8,9 @@ ^samba4.rpc.netlogon on ncacn_np with bigendian.netlogon.GetDomainInfo\( ^samba4.rpc.netlogon on ncacn_np with seal,padcheck.netlogon.GetDomainInfo\( ^samba4.rpc.netlogon on ncacn_np with validate.netlogon.GetDomainInfo\( +^samba4.rpc.netlogon on ncalrpc with bigendian.netlogon.GetDomainInfo\( +^samba4.rpc.netlogon on ncalrpc with seal,padcheck.netlogon.GetDomainInfo\( +^samba4.rpc.netlogon on ncalrpc with validate.netlogon.GetDomainInfo\( ^samba4.rpc.netlogon with bigendian.netlogon.GetDomainInfo\( ^samba4.rpc.netlogon with seal,padcheck.netlogon.GetDomainInfo\( ^samba4.rpc.netlogon with validate.netlogon.GetDomainInfo\( diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index eab57da..2d5fc8b 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -2413,7 +2413,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal }; const char * const attrs2[] = { "sAMAccountName", "dNSHostName", "msDS-SupportedEncryptionTypes", NULL }; - const char *sam_account_name, *old_dns_hostname, *prefix1, *prefix2; + const char *sam_account_name, *old_dns_hostname; struct ldb_context *sam_ctx; const struct GUID *our_domain_guid = NULL; struct lsa_TrustDomainInfoInfoEx *our_tdo = NULL; 
@@ -2483,24 +2483,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal return NT_STATUS_INTERNAL_DB_CORRUPTION; } - /* - * Checks that the sam account name without a possible "$" - * matches as prefix with the DNS hostname in the workstation - * info structure. - */ - prefix1 = talloc_strndup(mem_ctx, sam_account_name, - strcspn(sam_account_name, "$")); - NT_STATUS_HAVE_NO_MEMORY(prefix1); - if (r->in.query->workstation_info->dns_hostname != NULL) { - prefix2 = talloc_strndup(mem_ctx, - r->in.query->workstation_info->dns_hostname, - strcspn(r->in.query->workstation_info->dns_hostname, ".")); - NT_STATUS_HAVE_NO_MEMORY(prefix2); - - if (strcasecmp(prefix1, prefix2) != 0) { - update_dns_hostname = false; - } - } else { + if (r->in.query->workstation_info->dns_hostname == NULL) { update_dns_hostname = false; } -- 1.8.3.1
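Review bot: in selftest/knownfail.d/netlogon-dns-host-name, the two new py_credentials entries (test_set_dns_hostname_invalid_validated_write and test_set_dns_hostname_invalid_write_property) and the three ncalrpc GetDomainInfo entries are marked as expected failures, but the commit message does not say why. The message only states that the removed check "should be covered by a validated write check in acl_modify()". It would help to state that these tests are expected to fail until that check is in place, and to drop the entries in the commit that adds it, so the knownfail list does not outlive the gap.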
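Review bot: in the second hunk of source4/rpc_server/netlogon/dcerpc_netlogon.c, the only condition left in dcesrv_netr_LogonGetDomainInfo() is `r->in.query->workstation_info->dns_hostname == NULL`, so any non-NULL client-supplied dns_hostname leaves update_dns_hostname unchanged, and nothing in this patch adds the acl_modify() validated write that the commit message relies on. Since this is patch 09 of 15, the backport should carry the patch that introduces that check in the same update rather than shipping this one alone. A short comment at the remaining `if`, noting that dNSHostName validation is delegated to acl_modify(), would also make the dependency visible to anyone reading this function later.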