packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!43 fix CVE-2021-3671

Browse Source 
From: @eaglegai
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
This commit is contained in:
openeuler-ci-bot 2021-10-26 02:18:23 +00:00 committed by Gitee
commit 30f926a987
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
backport-CVE-2021-3671.patch Normal file
View File

@ -0,0 +1,39 @@
From 0cb4b939f192376bf5e33637863a91a20f74c5a5 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Fri, 27 Aug 2021 11:42:48 +1000
Subject: [PATCH] CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
[abartlet@samba.org backported from from Heimdal
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]
RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source4/heimdal/kdc/krb5tgs.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index b76726cdd64..d143eb739eb 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1603,6 +1603,10 @@ tgs_build_reply(krb5_context context,
s = &adtkt.cname;
r = adtkt.crealm;
+ } else if (s == NULL) {
+ ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+ krb5_set_error_message(context, ret, "No server in request");
+ goto out;
}
_krb5_principalname2krb5_principal(context, &sp, *s, r);
--
GitLab

9
samba.spec
View File

@ -49,7 +49,7 @@
Name: samba
Version: 4.11.12
Release: 5
Release: 6
Summary: A suite for Linux to interoperate with Windows
License: GPLv3+ and LGPLv3+
@ -78,6 +78,7 @@ Patch8: backport-0001-CVE-2020-14383.patch
Patch9: backport-0002-CVE-2020-14383.patch
Patch10: backport-CVE-2020-14318.patch
Patch11: backport-CVE-2020-14323.patch
Patch12: backport-CVE-2021-3671.patch
BuildRequires: avahi-devel cups-devel dbus-devel docbook-style-xsl e2fsprogs-devel gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
BuildRequires: jansson-devel krb5-devel >= %{required_mit_krb5} libacl-devel libaio-devel libarchive-devel libattr-devel
@ -3065,6 +3066,12 @@ fi
%{_mandir}/man*
%changelog
* Mon Oct 25 2021 gaihuiying <gaihuiying1@huawei.com> - 4.11.12-6
- Type:cves
- ID:CVE-2021-3671
- SUG:NA
- DESC:fix CVE-2021-3671
* Fri Jun 11 2021 zengwefeng <zwfeng@huawei.com> - 4.11.12-5
- Type:cves
- ID:CVE-2020-14318 CVE-2020-14323 CVE-2020-14383