The Samba-Bugzilla – Attachment 6760 Details for Bug 8347
CVE-2011-2522 regression for HP-UX, AIX and OSF
[patch] Patch for v3-6-test
tmp36.diff (text/plain), 1.68 KB, created by Stefan Metzmacher on 2011-08-09 06:37:46 UTC
>From 603be3422fa1ef401e8ab4c17d2473b23a2fa95d Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 5 Aug 2011 19:48:38 +0200 >Subject: [PATCH] s3:web/swat: use strtoll() instead of atoi/atol/atoll > >This is more portable, as we have a strtoll replacement >in lib/replace. > >metze > >Autobuild-User: Stefan Metzmacher <metze@samba.org> >Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104 >(cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494) >--- > source3/web/swat.c | 25 +++++++++++++++++++------ > 1 files changed, 19 insertions(+), 6 deletions(-) > >diff --git a/source3/web/swat.c b/source3/web/swat.c >index 8b6ae31..ce00798 100644 >--- a/source3/web/swat.c >+++ b/source3/web/swat.c >@@ -198,16 +198,29 @@ bool verify_xsrf_token(const char *formname) > const char *pass = cgi_user_pass(); > const char *token = cgi_variable_nonull(XSRF_TOKEN); > const char *time_str = cgi_variable_nonull(XSRF_TIME); >+ char *p = NULL; >+ long long xsrf_time_ll = 0; > time_t xsrf_time = 0; > time_t now = time(NULL); > >- if (sizeof(time_t) == sizeof(int)) { >- xsrf_time = atoi(time_str); >- } else if (sizeof(time_t) == sizeof(long)) { >- xsrf_time = atol(time_str); >- } else if (sizeof(time_t) == sizeof(long long)) { >- xsrf_time = atoll(time_str); >+ errno = 0; >+ xsrf_time_ll = strtoll(time_str, &p, 10); >+ if (errno != 0) { >+ return false; >+ } >+ if (p == NULL) { >+ return false; >+ } >+ if (PTR_DIFF(p, time_str) > strlen(time_str)) { >+ return false; >+ } >+ if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) { >+ return false; >+ } >+ if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) { >+ return false; > } >+ xsrf_time = xsrf_time_ll; > > if (abs(now - xsrf_time) > XSRF_TIMEOUT) { > return false; >-- >1.7.4.1 >
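Review bot: The end-pointer validation after strtoll() in verify_xsrf_token() does not reject malformed input, because `PTR_DIFF(p, time_str) > strlen(time_str)` can never be true: strtoll() leaves p somewhere between time_str and its terminating NUL, never past it. As written, an XSRF_TIME value with trailing non-digits (for example digits followed by letters) is accepted with only its numeric prefix used, and an empty or non-numeric value parses as 0 and is left for the timeout comparison to reject. The `p == NULL` test is also dead, since &p is passed and strtoll() always stores a pointer there. Suggest replacing both checks with `if (p == time_str || *p != '\0') { return false; }` so that the whole string has to be a decimal number. Separately, in the unchanged context, `abs(now - xsrf_time)` takes an int argument, so on platforms where time_t is wider than int the difference is truncated before it is compared with XSRF_TIMEOUT; now that the parsed value can span the full time_t range it would be safer to compare the two bounds explicitly or compute the difference in long long and use llabs().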
Flags: kai: review+