packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport to fix CVE-2022-0366

Browse Source
This commit is contained in:
eaglegai 2022-02-14 15:21:55 +08:00
parent 363e1826c2
commit cd1341d902
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backport-CVE-2022-0336.patch Normal file
View File

@ -0,0 +1,36 @@
From 2802b7d8f3f77a639d0d69bced528f328655750b Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 18 Jan 2022 12:02:45 +1300
Subject: [PATCH 2/7] CVE-2022-0336: s4/dsdb/samldb: Don't return early when an
SPN is re-added to an object
If an added SPN already exists on an object, we still want to check the
rest of the element values for conflicts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---
source4/dsdb/samdb/ldb_modules/samldb.c | 3 +--
1 files changed, 1 insertion(+), 2 deletions(-)
@@ -1,2 +1 @@
samba.tests.ldap_spn.+LdapSpnTest.test_spn_dodgy_spns
-samba.tests.ldap_spn.+LdapSpnSambaOnlyTest.test_spn_add_a_conflict_along_with_a_re_added_SPN
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index f0227411ccd..a219446bba7 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -4001,8 +4001,7 @@ static int samldb_spn_uniqueness_check(struct samldb_ctx *ac,
ac->msg->dn);
if (ret == LDB_ERR_COMPARE_TRUE) {
DBG_INFO("SPN %s re-added to the same object\n", spn);
- talloc_free(tmp_ctx);
- return LDB_SUCCESS;
+ continue;
}
if (ret != LDB_SUCCESS) {
DBG_ERR("SPN %s failed direct uniqueness check\n", spn);
--
2.25.1

9
samba.spec
View File

@ -49,7 +49,7 @@
Name: samba
Version: 4.11.12
Release: 9
Release: 10
Summary: A suite for Linux to interoperate with Windows
License: GPLv3+ and LGPLv3+
@ -182,6 +182,7 @@ Patch6253: backport-0002-CVE-2021-44142.patch
Patch6254: backport-0003-CVE-2021-44142.patch
Patch6255: backport-0004-CVE-2021-44142.patch
Patch6256: backport-0005-CVE-2021-44142.patch
Patch6257: backport-CVE-2022-0336.patch
BuildRequires: avahi-devel cups-devel dbus-devel docbook-style-xsl e2fsprogs-devel gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
BuildRequires: jansson-devel krb5-devel >= %{required_mit_krb5} libacl-devel libaio-devel libarchive-devel libattr-devel
@ -3169,6 +3170,12 @@ fi
%{_mandir}/man*
%changelog
* Mon Feb 14 2022 gaihuiying <eaglegai@163.com> - 4.11.12-10
- Type:cves
- ID:CVE-2022-0366
- SUG:NA
- DESC:backport to fix CVE-2022-0366
* Tue Feb 08 2022 gaihuiying <eaglegai@163.com> - 4.11.12-9
- Type:cves
- ID:CVE-2021-44142