packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0011-CVE-2022-38023.patch
xinghe 78769b5f0b fix CVE-2022-38023
2023-01-18 07:54:39 +00:00

114 lines
4.4 KiB
Diff
Raw Blame History

From b9269801ed6bc034da924cdedd0b6a2938a1379f Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 12 Dec 2022 14:03:50 +0100
Subject: [PATCH 10/29] CVE-2022-38023 s4:rpc_server/netlogon: add
talloc_stackframe() to dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0e6a2ba83ef1be3c6a0f5514c21395121621a145)
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17698
---
source4/rpc_server/netlogon/dcerpc_netlogon.c | 32 +++++++++++--------
1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index b85d2253d3c4..5dfd84d939d9 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -634,6 +634,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
struct netlogon_creds_CredentialState **creds_out)
{
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS nt_status;
int schannel = lpcfg_server_schannel(lp_ctx);
bool schannel_global_required = (schannel == true);
@@ -677,6 +678,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
if (schannel_required) {
if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
*creds_out = creds;
+ TALLOC_FREE(frame);
return NT_STATUS_OK;
}
@@ -684,13 +686,15 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
"%s request (opnum[%u]) without schannel from "
"client_account[%s] client_computer_name[%s]\n",
opname, opnum,
- log_escape(mem_ctx, creds->account_name),
- log_escape(mem_ctx, creds->computer_name));
+ log_escape(frame, creds->account_name),
+ log_escape(frame, creds->computer_name));
DBG_ERR("CVE-2020-1472(ZeroLogon): Check if option "
- "'server require schannel:%s = no' is needed! \n",
- log_escape(mem_ctx, creds->account_name));
+ "'server require schannel:%s = no' "
+ "might be needed for a legacy client.\n",
+ log_escape(frame, creds->account_name));
TALLOC_FREE(creds);
ZERO_STRUCTP(return_authenticator);
+ TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
}
@@ -699,13 +703,14 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
"%s request (opnum[%u]) WITH schannel from "
"client_account[%s] client_computer_name[%s]\n",
opname, opnum,
- log_escape(mem_ctx, creds->account_name),
- log_escape(mem_ctx, creds->computer_name));
+ log_escape(frame, creds->account_name),
+ log_escape(frame, creds->computer_name));
DBG_ERR("CVE-2020-1472(ZeroLogon): "
"Option 'server require schannel:%s = no' not needed!?\n",
- log_escape(mem_ctx, creds->account_name));
+ log_escape(frame, creds->account_name));
*creds_out = creds;
+ TALLOC_FREE(frame);
return NT_STATUS_OK;
}
@@ -715,24 +720,25 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
"%s request (opnum[%u]) without schannel from "
"client_account[%s] client_computer_name[%s]\n",
opname, opnum,
- log_escape(mem_ctx, creds->account_name),
- log_escape(mem_ctx, creds->computer_name));
+ log_escape(frame, creds->account_name),
+ log_escape(frame, creds->computer_name));
DBG_INFO("CVE-2020-1472(ZeroLogon): "
"Option 'server require schannel:%s = no' still needed!\n",
- log_escape(mem_ctx, creds->account_name));
+ log_escape(frame, creds->account_name));
} else {
DBG_ERR("CVE-2020-1472(ZeroLogon): "
"%s request (opnum[%u]) without schannel from "
"client_account[%s] client_computer_name[%s]\n",
opname, opnum,
- log_escape(mem_ctx, creds->account_name),
- log_escape(mem_ctx, creds->computer_name));
+ log_escape(frame, creds->account_name),
+ log_escape(frame, creds->computer_name));
DBG_ERR("CVE-2020-1472(ZeroLogon): Check if option "
"'server require schannel:%s = no' might be needed!\n",
- log_escape(mem_ctx, creds->account_name));
+ log_escape(frame, creds->account_name));
}
*creds_out = creds;
+ TALLOC_FREE(frame);
return NT_STATUS_OK;
}
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink