samba: add current RHEL6 patches
diff --git a/src/patches/samba/CVE-2017-7494-v3-6.patch b/src/patches/samba/CVE-2017-7494-v3-6.patch
new file mode 100644 (file)
index 0000000..3b0d94c
--- /dev/null
@@ -0,0 +1,32 @@
+From b719a4d53fc6d590f4fac340d956344a5246de4e Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Mon, 8 May 2017 21:40:40 +0200
+Subject: [PATCH] CVE-2017-7494: Refuse to open pipe names with / inside
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/rpc_server/srv_pipe.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
+index ec24fe7..b80e3f5 100644
+--- a/source3/rpc_server/srv_pipe.c
++++ b/source3/rpc_server/srv_pipe.c
+@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
+               pipename += 1;
+       }
++      if (strchr(pipename, '/')) {
++              DEBUG(1,("Refusing open on pipe %s\n", pipename));
++              return false;
++      }
++
+       if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
+               DEBUG(10, ("refusing spoolss access\n"));
+               return false;
+-- 
+2.9.4
+
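Review bot: The added `strchr(pipename, '/')` guard in is_known_pipename has no comment tying it to CVE-2017-7494, so a later cleanup of that function could drop it without anyone noticing it is a security check. I would put a line above it such as `/* CVE-2017-7494: refuse any pipe name containing '/' before it is used further */`, or, if the patch has to stay byte-identical to upstream, record the same reasoning in the commit description. The refusal is logged at debug level 1 as `Refusing open on pipe %s`, which makes it a usable detection signal; the logged name is client-supplied text and should be treated as such by whatever parses the log. The function body starts and ends outside the hunk, so what consumes `pipename` after the spoolss check is not visible here.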