The Samba-Bugzilla – Attachment 15653 Details for
Bug 14210
smbd NULL pointer de-reference in smb2_signing_decrypt_pdu
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch disabling gnutls randomization
disable-randomness-samba-master.diff (text/plain), 2.50 KB, created by
Robert Swiecki
on 2019-11-29 21:00:10 UTC
(
hide
)
Description:
Patch disabling gnutls randomization
Filename:
MIME Type:
Creator:
Robert Swiecki
Created:
2019-11-29 21:00:10 UTC
Size:
2.50 KB
patch
obsolete
>diff --git a/lib/util/genrand.c b/lib/util/genrand.c >index 18ffa0d..8b1c186 100644 >--- a/lib/util/genrand.c >+++ b/lib/util/genrand.c >@@ -19,6 +19,9 @@ > along with this program. If not, see <http://www.gnu.org/licenses/>. > */ > >+ >+#include <pthread.h> >+ > #include "replace.h" > #include "lib/util/genrand.h" > >@@ -31,10 +34,29 @@ > * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html > */ > >+#define DETER_RAND_FUNC zgnutls_rnd >+ >+ >+int j = 1; >+ >+_PUBLIC_ void reinit_i(void) { >+ j = 1; >+} >+ >+__attribute__((constructor)) static void ini(void) { >+ pthread_atfork(NULL, NULL, reinit_i); >+} >+ >+static void zgnutls_rnd(int a, uint8_t* buf, int len) { >+ for (int i = 0; i < len; i++) { >+ buf[i] = j++; >+ } >+} >+ > _PUBLIC_ void generate_random_buffer(uint8_t *out, int len) > { > /* Random number generator for temporary keys. */ >- gnutls_rnd(GNUTLS_RND_RANDOM, out, len); >+ DETER_RAND_FUNC(GNUTLS_RND_RANDOM, out, len); > } > > _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) >@@ -48,7 +70,7 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) > * the limit for a re-seed. For its re-seed it mixes mixes data obtained > * from the OS random device with the previous key. > */ >- gnutls_rnd(GNUTLS_RND_KEY, out, len); >+ DETER_RAND_FUNC(GNUTLS_RND_KEY, out, len); > } > > _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len) >@@ -60,5 +82,5 @@ _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len) > * bytes (typically few megabytes), or after few hours of operation > * without reaching the limit has passed. > */ >- gnutls_rnd(GNUTLS_RND_NONCE, out, len); >+ DETER_RAND_FUNC(GNUTLS_RND_NONCE, out, len); > } >diff --git a/source3/smbd/smbXsrv_client.c b/source3/smbd/smbXsrv_client.c >index 02754a8..d82b2c1 100644 >--- a/source3/smbd/smbXsrv_client.c >+++ b/source3/smbd/smbXsrv_client.c >@@ -478,6 +478,8 @@ static int smbXsrv_client_destructor(struct smbXsrv_client *client) > static bool smbXsrv_client_connection_pass_filter(struct messaging_rec *rec, void *private_data); > static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq); > >+extern void reinit_i(void); >+ > NTSTATUS smbXsrv_client_create(TALLOC_CTX *mem_ctx, > struct tevent_context *ev_ctx, > struct messaging_context *msg_ctx, >@@ -490,6 +492,11 @@ NTSTATUS smbXsrv_client_create(TALLOC_CTX *mem_ctx, > NTSTATUS status; > struct tevent_req *subreq = NULL; > >+ >+ reinit_i(); >+ fprintf(stderr, "REINITED_I\n"); >+ >+ > status = smbXsrv_client_table_create(mem_ctx, > msg_ctx, > 1, /* max_clients */
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 14210
:
15652
| 15653 |
15654
|
15655
|
16336
|
16337
|
16338