Projects
openEuler:20.03:LTS:SP3
samba
_service:tar_scm_kernel_repo:backport-0028-CVE-...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-0028-CVE-2022-2031-CVE-2022-32744.patch of Package samba
From 29ec8b2369b5f5e2a660a3165d2528982514a0f2 Mon Sep 17 00:00:00 2001 From: Joseph Sutton <josephsutton@catalyst.net.nz> Date: Fri, 27 May 2022 19:21:06 +1200 Subject: [PATCH 72/99] CVE-2022-2031 s4:kpasswd: Correctly generate error strings The error_data we create already has an explicit length, and should not be zero-terminated, so we omit the trailing null byte. Previously, Heimdal builds would leave a superfluous trailing null byte on error strings, while MIT builds would omit the final character. The two bytes added to the string's length are for the prepended error code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Removed MIT KDC 1.20-specific knownfails] Conflict: remove selftest/knownfail_heimdal_kdc selftest/knownfail_mit_kdc --- source4/kdc/kpasswd-helper.c | 13 ++++++------- 3 files changed, 6 insertions(+), 34 deletions(-) diff --git a/source4/kdc/kpasswd-helper.c b/source4/kdc/kpasswd-helper.c index 995f54825b5..55a2f5b3bf6 100644 --- a/source4/kdc/kpasswd-helper.c +++ b/source4/kdc/kpasswd-helper.c @@ -48,17 +48,16 @@ bool kpasswd_make_error_reply(TALLOC_CTX *mem_ctx, } /* - * The string 's' has two terminating nul-bytes which are also - * reflected by 'slen'. Normally Kerberos doesn't expect that strings - * are nul-terminated, but Heimdal does! + * The string 's' has one terminating nul-byte which is also + * reflected by 'slen'. We subtract it from the length. */ -#ifndef SAMBA4_USES_HEIMDAL - if (slen < 2) { + if (slen < 1) { talloc_free(s); return false; } - slen -= 2; -#endif + slen--; + + /* Two bytes are added to the length to account for the error code. */ if (2 + slen < slen) { talloc_free(s); return false; -- 2.25.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.