/[smeserver]/rpms/samba/sme10/CVE-2016-2119-v4-4.patch
ViewVC logotype

Annotation of /rpms/samba/sme10/CVE-2016-2119-v4-4.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Thu Mar 2 16:04:48 2017 UTC (7 years, 3 months ago) by unnilennium
Branch: MAIN
CVS Tags: samba-4_4_4-12_5_el7_sme, samba-4_4_4-12_6_el7_sme, samba-4_4_4-14_6_el7_sme, samba-4_4_4-12_el7_3 
update to samba-4.4.4-12 upstream version
1 unnilennium 1.1 From 3f8b6a3c56ec188d662767027703999faf14e71f Mon Sep 17 00:00:00 2001
2     From: Stefan Metzmacher <metze@samba.org>
3     Date: Wed, 20 Apr 2016 11:26:57 +0200
4     Subject: [PATCH 1/3] CVE-2016-2019: libcli/smb: don't allow guest sessions if
5     we require signing
6    
7     Note real anonymous sessions (with "" as username) don't hit this
8     as we don't even call smb2cli_session_set_session_key() in that case.
9    
10     BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
11    
12     Signed-off-by: Stefan Metzmacher <metze@samba.org>
13     ---
14     libcli/smb/smbXcli_base.c | 19 +++++++++++++++++--
15     1 file changed, 17 insertions(+), 2 deletions(-)
16    
17     diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
18     index 4332374..691b8ff 100644
19     --- a/libcli/smb/smbXcli_base.c
20     +++ b/libcli/smb/smbXcli_base.c
21     @@ -5312,6 +5312,10 @@ bool smbXcli_session_is_guest(struct smbXcli_session *session)
22     return false;
23     }
24    
25     + if (session->conn->mandatory_signing) {
26     + return false;
27     + }
28     +
29     if (session->conn->protocol >= PROTOCOL_SMB2_02) {
30     if (session->smb2->session_flags & SMB2_SESSION_FLAG_IS_GUEST) {
31     return true;
32     @@ -5571,7 +5575,7 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
33     const struct iovec *recv_iov)
34     {
35     struct smbXcli_conn *conn = session->conn;
36     - uint16_t no_sign_flags;
37     + uint16_t no_sign_flags = 0;
38     uint8_t session_key[16];
39     bool check_signature = true;
40     uint32_t hdr_flags;
41     @@ -5596,7 +5600,18 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
42     return NT_STATUS_INVALID_PARAMETER_MIX;
43     }
44    
45     - no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL;
46     + if (!conn->mandatory_signing) {
47     + /*
48     + * only allow guest sessions without
49     + * mandatory signing.
50     + *
51     + * If we try an authentication with username != ""
52     + * and the server let us in without verifying the
53     + * password we don't have a negotiated session key
54     + * for signing.
55     + */
56     + no_sign_flags = SMB2_SESSION_FLAG_IS_GUEST;
57     + }
58    
59     if (session->smb2->session_flags & no_sign_flags) {
60     session->smb2->should_sign = false;
61     --
62     1.9.1
63    
64    
65     From 11db8ea97ddb3cf9fde48dbe5df14a71ebc308db Mon Sep 17 00:00:00 2001
66     From: Stefan Metzmacher <metze@samba.org>
67     Date: Thu, 28 Apr 2016 02:36:35 +0200
68     Subject: [PATCH 2/3] CVE-2016-2019: s3:libsmb: add comment regarding
69     smbXcli_session_is_guest() with mandatory signing
70    
71     BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
72    
73     Signed-off-by: Stefan Metzmacher <metze@samba.org>
74     ---
75     source3/libsmb/cliconnect.c | 3 +++
76     1 file changed, 3 insertions(+)
77    
78     diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
79     index ea92c8f..ebba8f2 100644
80     --- a/source3/libsmb/cliconnect.c
81     +++ b/source3/libsmb/cliconnect.c
82     @@ -1588,6 +1588,9 @@ static void cli_session_setup_gensec_remote_done(struct tevent_req *subreq)
83     * have a negotiated session key.
84     *
85     * So just pretend we are completely done.
86     + *
87     + * Note that smbXcli_session_is_guest()
88     + * always returns false if we require signing.
89     */
90     state->blob_in = data_blob_null;
91     state->local_ready = true;
92     --
93     1.9.1
94    
95    
96     From 28ed026b9486fb248daf713655ea307c478d2832 Mon Sep 17 00:00:00 2001
97     From: Stefan Metzmacher <metze@samba.org>
98     Date: Thu, 28 Apr 2016 02:24:52 +0200
99     Subject: [PATCH 3/3] CVE-2016-2019: s3:selftest: add regression tests for
100     guest logins and mandatory signing
101    
102     BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
103    
104     Signed-off-by: Stefan Metzmacher <metze@samba.org>
105     ---
106     source3/script/tests/test_smbclient_ntlm.sh | 4 ++++
107     1 file changed, 4 insertions(+)
108    
109     diff --git a/source3/script/tests/test_smbclient_ntlm.sh b/source3/script/tests/test_smbclient_ntlm.sh
110     index b8fc564..33a927f 100755
111     --- a/source3/script/tests/test_smbclient_ntlm.sh
112     +++ b/source3/script/tests/test_smbclient_ntlm.sh
113     @@ -37,4 +37,8 @@ else
114    
115     testit "smbclient baduser.badpassword.NT1NEW.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 -c quit $ADDARGS
116     testit "smbclient baduser.badpassword.SMB3.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 -c quit $ADDARGS
117     +
118     + testit_expect_failure "smbclient baduser.badpassword.NT1OLD.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no --signing=required -c quit $ADDARGS
119     + testit_expect_failure "smbclient baduser.badpassword.NT1NEW.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --signing=required -c quit $ADDARGS
120     + testit_expect_failure "smbclient baduser.badpassword.SMB3.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 --signing=required -c quit $ADDARGS
121     fi
122     --
123     1.9.1
124    
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed