packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0036-CVE-2022-38023.patch
xinghe c24b46a73b add patch for fix CVE-2022-38023
2023-04-03 09:21:42 +00:00

63 lines
2.1 KiB
Diff
Raw Blame History

From b0ecb8aebf814b339afe1d2843ef53ece5cb4c9d Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Wed, 4 Jan 2023 17:39:20 +0100
Subject: [PATCH 38/40] CVE-2022-38023 s3:rpc_server/netlogon: Return error on
invalid auth level
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17736
---
source3/rpc_server/netlogon/srv_netlog_nt.c | 23 +++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index b7c8e2c928e..5f89e945f9c 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1070,7 +1070,7 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p,
uint16_t opnum)
{
TALLOC_CTX *frame = talloc_stackframe();
- NTSTATUS status;
+ NTSTATUS status = NT_STATUS_MORE_PROCESSING_REQUIRED;
const char *explicit_opt = NULL;
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
bool schannel_required = schannel_global_required;
@@ -1094,12 +1094,31 @@ static NTSTATUS netr_check_schannel(struct pipes_struct *p,
} else if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
reason = "WITH SIGNED";
} else {
- smb_panic("Schannel without SIGN/SEAL");
+ reason = "WITH INVALID";
+ dbg_lvl = DBGLVL_ERR;
+ status = NT_STATUS_INTERNAL_ERROR;
}
} else {
reason = "WITHOUT";
}
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ if (!NT_STATUS_IS_OK(status)) {
+ dbg_lvl = MIN(dbg_lvl, DBGLVL_INFO);
+ }
+
+ DEBUG(dbg_lvl, (
+ "CVE-2020-1472(ZeroLogon)/CVE-2022-38023: "
+ "%s request (opnum[%u]) %s schannel from "
+ "client_account[%s] client_computer_name[%s] %s\n",
+ opname, opnum, reason,
+ log_escape(frame, creds->account_name),
+ log_escape(frame, creds->computer_name),
+ nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
/*
* We don't use lp_parm_bool(), as we
* need the explicit_opt pointer in order to
--
2.39.0
Reference in New Issue View Git Blame Copy Permalink