Cherrypick from master 2010-06-18 10:16:27 UTC Elan Ruusamäe <glen@pld-linux.org> '- fix for CVE-2010-2063; rel 3':
samba-3.0.37-CVE-2010-2063.patch -> 1.1
samba.logrotate -> 1.8
smb.init -> 1.22
winbind.init -> 1.11
--- /dev/null
+diff --git a/source/smbd/process.c b/source/smbd/process.c
+index e861e16..6499bc7 100644
+--- a/source/smbd/process.c
++++ b/source/smbd/process.c
+@@ -1159,6 +1159,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
+ {
+ static char *orig_inbuf;
+ static char *orig_outbuf;
++ static int orig_size;
+ int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
+ unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
+ char *inbuf2, *outbuf2;
+@@ -1178,6 +1179,13 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
+ /* this is the first part of the chain */
+ orig_inbuf = inbuf;
+ orig_outbuf = outbuf;
++ orig_size = size;
++ }
++
++ /* Validate smb_off2 */
++ if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
++ exit_server_cleanly("Bad chained packet");
++ return -1;
+ }
+
+ /*
+@@ -1192,6 +1200,11 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
+ SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf));
+ SCVAL(outbuf,smb_vwv0,smb_com2);
+
++ if (outsize <= smb_wct) {
++ exit_server_cleanly("Bad chained packet");
++ return -1;
++ }
++
+ /* remember how much the caller added to the chain, only counting stuff
+ after the parameter words */
+ chain_size += outsize - smb_wct;
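Review bot: The bound check in the added `if` compares `int orig_size` against an expression built from `unsigned smb_off2`, so it is evaluated in unsigned arithmetic and a negative `size` would convert to a large value and satisfy the bound. Whether any caller can pass a negative `size` is not visible here, so either guard it, `if (orig_size < 0 || smb_off2 < smb_wct - 4 || (unsigned)orig_size < smb_off2 + 4 - smb_wct)`, or state the invariant next to the check. The `/* Validate smb_off2 */` comment would be more useful if it said why, e.g. `/* smb_off2 is read from inbuf; the chained command must start inside the first packet's buffer */`. The `return -1;` after `exit_server_cleanly()` looks unreachable if that call does not return, and chain_reply's body continues outside these hunks.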
--- /dev/null
+/var/log/samba/log.* {
+ sharedscripts
+ notifempty
+ missingok
+ olddir /var/log/archive/samba
+ postrotate
+ /bin/killall -HUP nmbd smbd
+ endscript
+}
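Review bot: The postrotate line `/bin/killall -HUP nmbd smbd` exits non-zero whenever either daemon is not running (for example a host that runs smbd only), and logrotate would likely report that as a failed postrotate script on every run. Since `missingok` already tolerates absent logs, the signal step should tolerate absent daemons too: `/bin/killall -HUP nmbd smbd >/dev/null 2>&1 || :`. Note also that `killall` matches by process name, so it will signal every smbd/nmbd visible to it, not only the instance writing to /var/log/samba.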
--- /dev/null
+#!/bin/sh
+#
+# chkconfig: 345 91 35
+# description: Starts and stops the Samba smbd and nmbd daemons \
+# used to provide SMB network services.
+#
+# config: /etc/samba/smb.conf
+# config: /etc/samba/lmhosts
+# processname: nmbd
+# processname: smbd
+
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Demon specified configuration.
+. /etc/sysconfig/samba
+
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+ if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
+ msg_network_down smb
+ exit 1
+ fi
+else
+ exit 0
+fi
+
+TMPDIR="/tmp"; export TMPDIR
+unset TMP || :
+
+# Check that smb.conf exists.
+[ -f /etc/samba/smb.conf ] || exit 0
+
+start() {
+ # Check if the service is already running?
+ if [ ! -f /var/lock/subsys/smb ]; then
+ msg_starting smbd
+ daemon /usr/sbin/smbd -D
+ RETVAL=$?
+ msg_starting nmbd
+ daemon /usr/sbin/nmbd -D
+ [ $RETVAL -eq 0 ] && RETVAL=$?
+ if [ $RETVAL -eq 0 ]; then
+ touch /var/lock/subsys/smb
+ fi
+ else
+ msg_already_running smb
+ fi
+}
+
+stop() {
+ # Stop daemons.
+ if [ -f /var/lock/subsys/smb ]; then
+ msg_stopping smbd
+ killproc smbd
+ msg_stopping nmbd
+ killproc nmbd
+ rm -f /var/lock/subsys/smb >/dev/null 2>&1
+ else
+ msg_not_running smb
+ fi
+}
+
+condrestart() {
+ if [ -f /var/lock/subsys/smb ]; then
+ stop
+ start
+ else
+ msg_not_running smb
+ RETVAL=$1
+ fi
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ try-restart)
+ condrestart 0
+ ;;
+ reload|force-reload)
+ if [ -f /var/lock/subsys/smb ]; then
+ msg_reloading smb
+ killproc smbd -HUP
+ RETVAL=$?
+ else
+ msg_not_running smb
+ exit 7
+ fi
+ ;;
+ status)
+ status smbd
+ RETVAL=$?
+ status nmbd
+ RET=$?
+ [ $RETVAL -eq 0 ] && RETVAL=$RET
+ smbstatus
+ ;;
+ *)
+ msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}"
+ exit 3
+esac
+
+exit $RETVAL
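Review bot: In start(), `[ $RETVAL -eq 0 ] && RETVAL=$?` never captures nmbd's result: when `$?` is expanded it holds the exit status of the `[` test, which is 0, so a failed `daemon /usr/sbin/nmbd -D` still leaves RETVAL at 0 and the subsys lock file gets created. The script then reports a successful start while nmbd is down. The status branch already uses the right pattern; do the same here with `RET=$?` directly after the nmbd `daemon` call, then `[ $RETVAL -eq 0 ] && RETVAL=$RET`.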
--- /dev/null
+#!/bin/sh
+#
+# chkconfig: 345 91 35
+# description: Starts and stops the Samba winbind daemon to provide\
+# user and group information from a NT domain controller to linux.
+#
+# config: /etc/samba/smb.conf
+
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Daemon specific configuration.
+. /etc/sysconfig/winbind
+
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+ if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
+ msg_network_down winbindd
+ exit 1
+ fi
+else
+ exit 0
+fi
+
+TMPDIR="/tmp"; export TMPDIR
+
+# Check that smb.conf exists.
+[ -f /etc/samba/smb.conf ] || exit 0
+
+start() {
+ if [ ! -f /var/lock/subsys/winbind ]; then
+ msg_starting winbindd
+ daemon /usr/sbin/winbindd
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ]; then
+ touch /var/lock/subsys/winbind
+ RETVAL=1
+ fi
+ else
+ msg_already_running winbindd
+ fi
+}
+
+stop() {
+ if [ -f /var/lock/subsys/winbind ]; then
+ msg_stopping winbindd
+ killproc winbindd
+ rm -f /var/lock/subsys/winbind >/dev/null 2>&1
+ else
+ msg_not_running winbindd
+ fi
+}
+
+condrestart() {
+ if [ -f /var/lock/subsys/winbind ]; then
+ stop
+ start
+ else
+ msg_not_running winbindd
+ RETVAL=$1
+ fi
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ reload|force-reload)
+ if [ -f /var/lock/subsys/winbind ]; then
+ msg_reloading winbindd
+ killproc winbindd -HUP
+ RETVAL=$?
+ else
+ msg_not_running winbindd
+ exit 7
+ fi
+ ;;
+ try-restart)
+ condrestart 0
+ ;;
+ status)
+ status winbindd
+ RETVAL=$?
+ ;;
+ *)
+ msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|status}"
+ exit 3
+esac
+
+exit $RETVAL
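Review bot: start() sets `RETVAL=1` right after a successful `daemon /usr/sbin/winbindd` and the lock-file `touch`, so a clean start leaves through the final `exit $RETVAL` with status 1. Anything that checks the exit code (package scriptlets, monitoring, `service winbind start && ...`) will treat a working start as a failure. Dropping the `RETVAL=1` line keeps the 0 returned by `daemon`; if the intent was to flag the already-running case, the assignment belongs in the `else` branch next to `msg_already_running winbindd`.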