The Samba-Bugzilla – Attachment 14229 Details for
Bug 13466
[SECURITY Hardening] DNS query with escapes characters in dns name makes samba crashing
[patch]
patch for master
look-master.patch (text/plain), 7.48 KB, created by
Kai Blin
on 2018-06-08 19:22:13 UTC
Description:
patch for master
Creator:
Kai Blin
Created:
2018-06-08 19:22:13 UTC
Size:
7.48 KB
>From ed0c52128384fccceee538a04db01a28db00f40d Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Thu, 7 Jun 2018 00:47:30 -0700
>Subject: [PATCH 1/3] WHATSNEW.txt: Updated with VFS ABI changes for 4.9.0.
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Kai Blin <kai@samba.org>
>---
> WHATSNEW.txt | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
>diff --git a/WHATSNEW.txt b/WHATSNEW.txt
>index 574e9b27e68..b9c80cf9d80 100644
>--- a/WHATSNEW.txt
>+++ b/WHATSNEW.txt
>@@ -72,6 +72,21 @@ to allow better Windows fileserver compatibility in a default install.
> store dos attributes Default changed yes
> ea support Default changed yes
>
>+VFS interface changes
>+=====================
>+
>+The VFS ABI interface version has changed to 39. Function changes
>+are:
>+
>+SMB_VFS_FSYNC: Removed: Only async versions are used.
>+SMB_VFS_READ: Removed: Only PREAD or async versions are used.
>+SMB_VFS_WRITE: Removed: Only PWRITE or async versions are used.
>+SMB_VFS_CHMOD_ACL: Removed: Only CHMOD is used.
>+SMB_VFS_FCHMOD_ACL: Removed: Only FCHMOD is used.
>+
>+Any external VFS modules will need to be updated to match these
>+changes in order to work with 4.9.x.
>+
> KNOWN ISSUES
> ============
>
>--
>2.11.0
>
>
>From ba00798db520973b3367bca63896f64ef557889a Mon Sep 17 00:00:00 2001
>From: Kai Blin <kai@samba.org>
>Date: Fri, 8 Jun 2018 18:20:16 +0200
>Subject: [PATCH 2/3] dns: Add a test to trigger the LDB casefolding issue on
> invalid chars
>
>Signed-off-by: Kai Blin <kai@samba.org>
>---
> python/samba/tests/dns_invalid.py | 87 +++++++++++++++++++++++++++++++++++++++
> selftest/knownfail.d/dns | 3 ++
> source4/selftest/tests.py | 3 ++
> 3 files changed, 93 insertions(+)
> create mode 100644 python/samba/tests/dns_invalid.py
>
>diff --git a/python/samba/tests/dns_invalid.py b/python/samba/tests/dns_invalid.py
>new file mode 100644
>index 00000000000..9f87cd56084
>--- /dev/null
>+++ b/python/samba/tests/dns_invalid.py
>@@ -0,0 +1,87 @@
>+# Unix SMB/CIFS implementation.
>+# Copyright (C) Kai Blin <kai@samba.org> 2018
>+#
>+# This program is free software; you can redistribute it and/or modify
>+# it under the terms of the GNU General Public License as published by
>+# the Free Software Foundation; either version 3 of the License, or
>+# (at your option) any later version.
>+#
>+# This program is distributed in the hope that it will be useful,
>+# but WITHOUT ANY WARRANTY; without even the implied warranty of
>+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>+# GNU General Public License for more details.
>+#
>+# You should have received a copy of the GNU General Public License
>+# along with this program. If not, see <http://www.gnu.org/licenses/>.
>+#
>+
>+import os
>+import sys
>+import struct
>+import random
>+import socket
>+import samba.ndr as ndr
>+from samba import credentials, param
>+from samba.dcerpc import dns, dnsp, dnsserver
>+from samba.netcmd.dns import TXTRecord, dns_record_match, data_to_dns_record
>+from samba.tests.subunitrun import SubunitOptions, TestProgram
>+from samba import werror, WERRORError
>+from samba.tests.dns_base import DNSTest
>+import samba.getopt as options
>+import optparse
>+
>+parser = optparse.OptionParser("dns_invalid.py <server ip> [options]")
>+sambaopts = options.SambaOptions(parser)
>+parser.add_option_group(sambaopts)
>+
>+# This timeout only has relevance when testing against Windows
>+# Format errors tend to return patchy responses, so a timeout is needed.
>+parser.add_option("--timeout", type="int", dest="timeout",
>+ help="Specify timeout for DNS requests")
>+
>+# use command line creds if available
>+credopts = options.CredentialsOptions(parser)
>+parser.add_option_group(credopts)
>+subunitopts = SubunitOptions(parser)
>+parser.add_option_group(subunitopts)
>+
>+opts, args = parser.parse_args()
>+
>+lp = sambaopts.get_loadparm()
>+creds = credopts.get_credentials(lp)
>+
>+timeout = opts.timeout
>+
>+if len(args) < 1:
>+ parser.print_usage()
>+ sys.exit(1)
>+
>+server_ip = args[0]
>+creds.set_krb_forwardable(credentials.NO_KRB_FORWARDABLE)
>+
>+
>+class TestBrokenQueries(DNSTest):
>+ def setUp(self):
>+ super(TestBrokenQueries, self).setUp()
>+ global server, server_ip, lp, creds, timeout
>+ self.server_ip = server_ip
>+ self.lp = lp
>+ self.creds = creds
>+ self.timeout = timeout
>+
>+ def test_invalid_chars_in_name(self):
>+ """Check the server refuses invalid characters in the query name"""
>+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
>+ questions = []
>+
>+ name = "\x10\x11\x05\xa8.%s" % self.get_dns_domain()
>+ q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN)
>+ print "asking for ", q.name
>+ questions.append(q)
>+
>+ self.finish_name_packet(p, questions)
>+ (response, response_packet) = self.dns_transaction_udp(p, host=server_ip)
>+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN)
>+
>+
>+TestProgram(module=__name__, opts=subunitopts)
>diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns
>index cb3003240ea..140ded24fa0 100644
>--- a/selftest/knownfail.d/dns
>+++ b/selftest/knownfail.d/dns
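Review bot: test_invalid_chars_in_name stops after a single NXDOMAIN assertion, so it does not show that the DNS service keeps answering once it has handled the malformed name; whether a server crash is caught at all depends on how dns_transaction_udp fails, which is outside this hunk. A well-formed follow-up query in the same test would pin that down, as sketched below. Separately, `print "asking for ", q.name` writes the raw control bytes into the test log, and `repr(q.name)` would keep the log readable. The `global` statement in setUp also names `server`, which this module never assigns.

```python
    def test_invalid_chars_in_name(self):
        # … unchanged: build and send the query with the invalid name, assert NXDOMAIN …

        # A well-formed follow-up query shows the DNS service is still answering.
        p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
        q = self.make_name_question(self.get_dns_domain(),
                                    dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN)
        self.finish_name_packet(p, [q])
        (response, response_packet) = self.dns_transaction_udp(p, host=server_ip)
        self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
```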
>@@ -45,3 +45,6 @@ samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(rodc:local\)
>
> # The SOA override should not pass against the RODC, it must not overstamp
> samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\)
>+
>+# This still needs to be fixed in LDB
>+samba.tests.dns_invalid.__main__.TestBrokenQueries.test_invalid_chars_in_name\(ad_dc:local\)
>diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
>index 069128b2e84..a7dd1409e49 100755
>--- a/source4/selftest/tests.py
>+++ b/source4/selftest/tests.py
>@@ -376,6 +376,9 @@ plantestsuite_loadlist("samba.tests.dns_forwarder", "fl2003dc:local", [python, o
>
> plantestsuite_loadlist("samba.tests.dns_tkey", "fl2008r2dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_tkey.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
> plantestsuite_loadlist("samba.tests.dns_wildcard", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_wildcard.py"), '$SERVER', '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
>+
>+plantestsuite_loadlist("samba.tests.dns_invalid", "ad_dc", [python, os.path.join(srcdir(), "python/samba/tests/dns_invalid.py"), '$SERVER_IP', '--machine-pass', '-U"$USERNAME%$PASSWORD"', '--workgroup=$DOMAIN', '$LOADLIST', '$LISTOPT'])
>+
> for t in smbtorture4_testsuites("dns_internal."):
> plansmbtorture4testsuite(t, "ad_dc_ntvfs:local", '//$SERVER/whavever')
>
>--
>2.11.0
>
>
>From 2d6c471b3a54d082d99fa6c4bb97f4b4c5160e44 Mon Sep 17 00:00:00 2001
>From: Kai Blin <kai@samba.org>
>Date: Fri, 8 Jun 2018 21:20:58 +0200
>Subject: [PATCH 3/3] ldb: fix crash in ltdb_index_dn_attr
>
>Still needs a cmocka test
>
>Signed-off-by: Kai Blin <kai@samba.org>
>---
> lib/ldb/ldb_tdb/ldb_index.c | 4 ++++
> 1 file changed, 4 insertions(+)
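Review bot: The knownfail pattern added here ends in `\(ad_dc:local\)`, but the suite is planned on `"ad_dc"` in the source4/selftest/tests.py hunk that follows. If the suffix is taken verbatim from the planned environment, the entry would not match and the failing test would not be masked; `\(ad_dc\)` looks like the intended form. Patch 3/3 also touches only lib/ldb/ldb_tdb/ldb_index.c, so this entry stays behind after the fix. The series should drop it in the commit that makes the test pass, so that the regression test actually guards the crash.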
>
>diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
>index 04ffbad65cd..48dd75b7e8a 100644
>--- a/lib/ldb/ldb_tdb/ldb_index.c
>+++ b/lib/ldb/ldb_tdb/ldb_index.c
>@@ -1585,6 +1585,10 @@ static int ltdb_index_dn_attr(struct ldb_module *module,
>
> /* work out the index key from the parent DN */
> val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(dn));
>+ if (!val.data) {
>+ return LDB_ERR_NO_SUCH_OBJECT;
>+ }
>+
> val.length = strlen((char *)val.data);
> key = ltdb_index_key(ldb, ltdb, attr, &val, NULL, truncation);
> if (!key) {
>--
>2.11.0
>
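Review bot: The new guard after ldb_dn_get_casefold() has no comment saying when the casefolded DN can be NULL or why that case maps to LDB_ERR_NO_SUCH_OBJECT rather than an error about the DN itself. A line such as `/* casefolding can fail (presumably for a DN with values that cannot be casefolded); treat it as no match instead of passing NULL to strlen() */` above the check would record the reason. Writing the test as `if (val.data == NULL) {` makes the pointer comparison explicit. Any other call site that feeds ldb_dn_get_casefold() straight into strlen(), if one exists outside this hunk, would need the same guard. The body of ltdb_index_dn_attr starts before and continues after the hunk.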