File _service:tar_scm_kernel_repo:backport-0030-CVE-2022-38023.patch of Package samba
From 19aa47e3db550fd3099f06c9b97dc5800dd5afb3 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero <scabrero@suse.de> Date: Thu, 22 Dec 2022 11:33:12 +0100 Subject: [PATCH 31/40] CVE-2022-38023 s3:rpc_server/netlogon: add talloc_stackframe() to dcesrv_netr_creds_server_step_check() This will simplify the following changes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Conflict: NA Reference: https://attachments.samba.org/attachment.cgi?id=17736 --- source3/rpc_server/netlogon/srv_netlog_nt.c | 38 ++++++++++++--------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 3221ebaa2e2..8e907e60f7e 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1070,6 +1070,7 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, struct netr_Authenticator *return_authenticator, struct netlogon_creds_CredentialState **creds_out) { + TALLOC_CTX *frame = talloc_stackframe(); NTSTATUS status; bool schannel_global_required = (lp_server_schannel() == true) ? true:false; bool schannel_required = schannel_global_required; @@ -1091,19 +1092,19 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, auth_type = p->auth.auth_type; - lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers()); + lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers()); if (lp_ctx == NULL) { DEBUG(0, ("loadparm_init_s3 failed\n")); + TALLOC_FREE(frame); return NT_STATUS_INTERNAL_ERROR; } status = schannel_check_creds_state(mem_ctx, lp_ctx, computer_name, received_authenticator, return_authenticator, &creds); - talloc_unlink(mem_ctx, lp_ctx); - if (!NT_STATUS_IS_OK(status)) { ZERO_STRUCTP(return_authenticator); + TALLOC_FREE(frame); return status; } 
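Review bot: Every exit from netr_creds_server_step_check() now has to carry its own `TALLOC_FREE(frame);`, starting with the two early returns in the -1091 hunk and repeated in the hunks at -1124, -1131, -1156 and -1171. A return added later without it would leave the stackframe, and everything allocated on it, alive past the call. The function body continues between and outside the hunks, so the visible lines do not show whether every existing return is covered. A single exit would make this harder to get wrong: set `status`, `goto out;` at each site, and finish with `out: TALLOC_FREE(frame); return status;`.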
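Review bot: After the -1091 hunk the function uses two talloc contexts with different lifetimes, and nothing in the code says which one owns what. `lp_ctx` moves to `frame`, while `schannel_check_creds_state()` is still passed `mem_ctx`, presumably because `creds` is handed back through `*creds_out` and must outlive the call. I would add a comment above that call, `/* creds is returned via creds_out: keep it on mem_ctx, never on frame */`, so a later cleanup does not move it onto the frame and hand the caller a freed pointer. The enclosing function starts and ends outside this hunk.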
@@ -1124,6 +1125,7 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, if (schannel_required) { if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) { *creds_out = creds; + TALLOC_FREE(frame); return NT_STATUS_OK; } @@ -1131,13 +1133,15 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, "%s request (opnum[%u]) without schannel from " "client_account[%s] client_computer_name[%s]\n", opname, opnum, - log_escape(mem_ctx, creds->account_name), - log_escape(mem_ctx, creds->computer_name)); + log_escape(frame, creds->account_name), + log_escape(frame, creds->computer_name)); DBG_ERR("CVE-2020-1472(ZeroLogon): Check if option " - "'server require schannel:%s = no' is needed! \n", - log_escape(mem_ctx, creds->account_name)); + "'server require schannel:%s = no' " + "might be needed for a legacy client.\n", + log_escape(frame, creds->account_name)); TALLOC_FREE(creds); ZERO_STRUCTP(return_authenticator); + TALLOC_FREE(frame); return NT_STATUS_ACCESS_DENIED; } @@ -1156,13 +1160,14 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, "%s request (opnum[%u]) WITH schannel from " "client_account[%s] client_computer_name[%s]\n", opname, opnum, - log_escape(mem_ctx, creds->account_name), - log_escape(mem_ctx, creds->computer_name)); + log_escape(frame, creds->account_name), + log_escape(frame, creds->computer_name)); DBG_ERR("CVE-2020-1472(ZeroLogon): " "Option 'server require schannel:%s = no' not needed!?\n", - log_escape(mem_ctx, creds->account_name)); + log_escape(frame, creds->account_name)); *creds_out = creds; + TALLOC_FREE(frame); return NT_STATUS_OK; } 
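Review bot: The `DBG_ERR` text on the NT_STATUS_ACCESS_DENIED path in the -1131 hunk changes from `is needed! \n` to `might be needed for a legacy client.\n`, which the commit message does not mention; it describes only the talloc_stackframe() addition. Log monitoring that matches the old CVE-2020-1472 message text for refused non-schannel requests would stop matching after this backport. The wording change deserves a line in the commit description or the package changelog so that detection rules can be updated with it. The rest of this function lies outside the hunk.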
@@ -1171,24 +1176,25 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, "%s request (opnum[%u]) without schannel from " "client_account[%s] client_computer_name[%s]\n", opname, opnum, - log_escape(mem_ctx, creds->account_name), - log_escape(mem_ctx, creds->computer_name)); + log_escape(frame, creds->account_name), + log_escape(frame, creds->computer_name)); DBG_INFO("CVE-2020-1472(ZeroLogon): " "Option 'server require schannel:%s = no' still needed!\n", - log_escape(mem_ctx, creds->account_name)); + log_escape(frame, creds->account_name)); } else { DBG_ERR("CVE-2020-1472(ZeroLogon): " "%s request (opnum[%u]) without schannel from " "client_account[%s] client_computer_name[%s]\n", opname, opnum, - log_escape(mem_ctx, creds->account_name), - log_escape(mem_ctx, creds->computer_name)); + log_escape(frame, creds->account_name), + log_escape(frame, creds->computer_name)); DBG_ERR("CVE-2020-1472(ZeroLogon): Check if option " "'server require schannel:%s = no' might be needed!\n", - log_escape(mem_ctx, creds->account_name)); + log_escape(frame, creds->account_name)); } *creds_out = creds; + TALLOC_FREE(frame); return NT_STATUS_OK; } -- 2.39.0