Репозитории ALT
S: | 4.17.11-alt1 |
5.1: | 3.0.37-alt5.M50P.1 |
4.1: | 3.0.30-alt3 |
4.0: | 3.0.33-alt1.M40.1 |
+updates: | 3.0.33-alt1.M40.1 |
3.0: | 3.0.14a-alt2 |
+backports: | 3.0.28-alt1 |
Группа :: Система/Серверы
Пакет: samba
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: samba-3.0.37-CVE-2012-1182.patch
Скачать
Скачать
From e11637c2c89c2d38963311416c34a4767b19e175 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 17 Mar 2012 01:22:27 +0100
Subject: [PATCH] s3:librpc/gen_ndr: fix array checks (bug #8815 / CVE-2012-1182)
An Anonymous researcher working with HP's Zero Day Initiative program
has found this and notified us.
metze
---
source/librpc/gen_ndr/ndr_wkssvc.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/source/librpc/gen_ndr/ndr_wkssvc.c b/source/librpc/gen_ndr/ndr_wkssvc.c
index 2af3587..07cf1a1 100644
--- a/source/librpc/gen_ndr/ndr_wkssvc.c
+++ b/source/librpc/gen_ndr/ndr_wkssvc.c
@@ -1385,10 +1385,10 @@ NTSTATUS ndr_pull_USER_INFO_0_CONTAINER(struct ndr_pull *ndr, int ndr_flags, str
NDR_PULL_ALLOC_N(ndr, r->user0, ndr_get_array_size(ndr, &r->user0));
_mem_save_user0_1 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->user0, 0);
- for (cntr_user0_1 = 0; cntr_user0_1 < r->entries_read; cntr_user0_1++) {
+ for (cntr_user0_1 = 0; cntr_user0_1 < ndr_get_array_size(ndr, &r->user0); cntr_user0_1++) {
NDR_CHECK(ndr_pull_USER_INFO_0(ndr, NDR_SCALARS, &r->user0[cntr_user0_1]));
}
- for (cntr_user0_1 = 0; cntr_user0_1 < r->entries_read; cntr_user0_1++) {
+ for (cntr_user0_1 = 0; cntr_user0_1 < ndr_get_array_size(ndr, &r->user0); cntr_user0_1++) {
NDR_CHECK(ndr_pull_USER_INFO_0(ndr, NDR_BUFFERS, &r->user0[cntr_user0_1]));
}
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user0_1, 0);
@@ -1631,10 +1631,10 @@ NTSTATUS ndr_pull_USER_INFO_1_CONTAINER(struct ndr_pull *ndr, int ndr_flags, str
NDR_PULL_ALLOC_N(ndr, r->user1, ndr_get_array_size(ndr, &r->user1));
_mem_save_user1_1 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->user1, 0);
- for (cntr_user1_1 = 0; cntr_user1_1 < r->entries_read; cntr_user1_1++) {
+ for (cntr_user1_1 = 0; cntr_user1_1 < ndr_get_array_size(ndr, &r->user1); cntr_user1_1++) {
NDR_CHECK(ndr_pull_USER_INFO_1(ndr, NDR_SCALARS, &r->user1[cntr_user1_1]));
}
- for (cntr_user1_1 = 0; cntr_user1_1 < r->entries_read; cntr_user1_1++) {
+ for (cntr_user1_1 = 0; cntr_user1_1 < ndr_get_array_size(ndr, &r->user1); cntr_user1_1++) {
NDR_CHECK(ndr_pull_USER_INFO_1(ndr, NDR_BUFFERS, &r->user1[cntr_user1_1]));
}
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user1_1, 0);
@@ -1953,10 +1953,10 @@ NTSTATUS ndr_pull_wkssvc_NetWkstaTransportCtr0(struct ndr_pull *ndr, int ndr_fla
NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array));
_mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->array, 0);
- for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) {
+ for (cntr_array_1 = 0; cntr_array_1 < ndr_get_array_size(ndr, &r->array); cntr_array_1++) {
NDR_CHECK(ndr_pull_wkssvc_NetWkstaTransportInfo0(ndr, NDR_SCALARS, &r->array[cntr_array_1]));
}
- for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) {
+ for (cntr_array_1 = 0; cntr_array_1 < ndr_get_array_size(ndr, &r->array); cntr_array_1++) {
NDR_CHECK(ndr_pull_wkssvc_NetWkstaTransportInfo0(ndr, NDR_BUFFERS, &r->array[cntr_array_1]));
}
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0);
--
1.7.4.1