/[smeserver]/rpms/samba/sme10/CVE-2016-2119-v4-2.patch
ViewVC logotype

Contents of /rpms/samba/sme10/CVE-2016-2119-v4-2.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Thu Mar 2 16:04:48 2017 UTC (7 years, 9 months ago) by unnilennium
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
update to samba-4.4.4-12 upstream version

1 From ec42fe46d4c126d9c2ebc20c1cb168ad5e06a21e Mon Sep 17 00:00:00 2001
2 From: Stefan Metzmacher <metze@samba.org>
3 Date: Wed, 20 Apr 2016 11:26:57 +0200
4 Subject: [PATCH 1/3] CVE-2016-2019: libcli/smb: don't allow guest sessions if
5 we require signing
6
7 Note real anonymous sessions (with "" as username) don't hit this
8 as we don't even call smb2cli_session_set_session_key() in that case.
9
10 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
11
12 Signed-off-by: Stefan Metzmacher <metze@samba.org>
13 ---
14 libcli/smb/smbXcli_base.c | 19 +++++++++++++++++--
15 1 file changed, 17 insertions(+), 2 deletions(-)
16
17 diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
18 index b07fdad..6797207 100644
19 --- a/libcli/smb/smbXcli_base.c
20 +++ b/libcli/smb/smbXcli_base.c
21 @@ -4952,6 +4952,10 @@ bool smbXcli_session_is_guest(struct smbXcli_session *session)
22 return false;
23 }
24
25 + if (session->conn->mandatory_signing) {
26 + return false;
27 + }
28 +
29 if (session->conn->protocol >= PROTOCOL_SMB2_02) {
30 if (session->smb2->session_flags & SMB2_SESSION_FLAG_IS_GUEST) {
31 return true;
32 @@ -5177,7 +5181,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
33 const struct iovec *recv_iov)
34 {
35 struct smbXcli_conn *conn = session->conn;
36 - uint16_t no_sign_flags;
37 + uint16_t no_sign_flags = 0;
38 uint8_t session_key[16];
39 bool check_signature = true;
40 uint32_t hdr_flags;
41 @@ -5191,7 +5195,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
42 return NT_STATUS_INVALID_PARAMETER_MIX;
43 }
44
45 - no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
46 + if (!conn->mandatory_signing) {
47 + /*
48 + * only allow guest sessions without
49 + * mandatory signing.
50 + *
51 + * If we try an authentication with username != ""
52 + * and the server let us in without verifying the
53 + * password we don't have a negotiated session key
54 + * for signing.
55 + */
56 + no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST;
57 + }
58
59 if (session->smb2->session_flags & no_sign_flags) {
60 session->smb2->should_sign = false;
61 --
62 1.9.1
63
64
65 From c303bd4bdf6e3f89e6821abb13e3ef40164944f5 Mon Sep 17 00:00:00 2001
66 From: Stefan Metzmacher <metze@samba.org>
67 Date: Thu, 28 Apr 2016 02:36:35 +0200
68 Subject: [PATCH 2/3] CVE-2016-2019: s3:libsmb: add comment regarding
69 smbXcli_session_is_guest() with mandatory signing
70
71 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
72
73 Signed-off-by: Stefan Metzmacher <metze@samba.org>
74 ---
75 source3/libsmb/cliconnect.c | 3 +++
76 1 file changed, 3 insertions(+)
77
78 diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
79 index 420fe3c..3de3796 100644
80 --- a/source3/libsmb/cliconnect.c
81 +++ b/source3/libsmb/cliconnect.c
82 @@ -1606,6 +1606,9 @@ static void cli_session_setup_gensec_remote_done(struct tevent_req *subreq)
83 * have a negotiated session key.
84 *
85 * So just pretend we are completely done.
86 + *
87 + * Note that smbXcli_session_is_guest()
88 + * always returns false if we require signing.
89 */
90 state->blob_in = data_blob_null;
91 state->local_ready = true;
92 --
93 1.9.1
94
95
96 From fd0750e860b18b1182126dcf7ccc1f7dd38560ce Mon Sep 17 00:00:00 2001
97 From: Stefan Metzmacher <metze@samba.org>
98 Date: Thu, 28 Apr 2016 02:24:52 +0200
99 Subject: [PATCH 3/3] CVE-2016-2019: s3:selftest: add regression tests for
100 guest logins and mandatory signing
101
102 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
103
104 Signed-off-by: Stefan Metzmacher <metze@samba.org>
105 ---
106 source3/script/tests/test_smbclient_ntlm.sh | 4 ++++
107 1 file changed, 4 insertions(+)
108
109 diff --git a/source3/script/tests/test_smbclient_ntlm.sh b/source3/script/tests/test_smbclient_ntlm.sh
110 index b8fc564..33a927f 100755
111 --- a/source3/script/tests/test_smbclient_ntlm.sh
112 +++ b/source3/script/tests/test_smbclient_ntlm.sh
113 @@ -37,4 +37,8 @@ else
114
115 testit "smbclient baduser.badpassword.NT1NEW.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 -c quit $ADDARGS
116 testit "smbclient baduser.badpassword.SMB3.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 -c quit $ADDARGS
117 +
118 + testit_expect_failure "smbclient baduser.badpassword.NT1OLD.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no --signing=required -c quit $ADDARGS
119 + testit_expect_failure "smbclient baduser.badpassword.NT1NEW.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --signing=required -c quit $ADDARGS
120 + testit_expect_failure "smbclient baduser.badpassword.SMB3.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 --signing=required -c quit $ADDARGS
121 fi
122 --
123 1.9.1
124

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed