From 1662eeeb7a6fc1b955fc0f7f52c7546ba3ac442a Mon Sep 17 00:00:00 2001
|
|
From: Ralph Boehme <slow@samba.org>
|
|
Date: Wed, 21 Jun 2023 15:06:12 +0200
|
|
Subject: [PATCH 2/5] CVE-2023-3347: smbd: pass lp_ctx to
|
|
smb[1|2]_srv_init_signing()
|
|
|
|
No change in behaviour.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
|
|
|
|
Signed-off-by: Ralph Boehme <slow@samba.org>
|
|
---
|
|
source3/smbd/proto.h | 3 ++-
|
|
source3/smbd/smb1_signing.c | 10 ++--------
|
|
source3/smbd/smb1_signing.h | 3 ++-
|
|
source3/smbd/smb2_signing.c | 25 +++++++++++++++----------
|
|
4 files changed, 21 insertions(+), 20 deletions(-)
|
|
|
|
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
|
|
index a39f0a2edfa..3884617e77b 100644
|
|
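--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -52,7 +52,8 @@ struct dcesrv_context;
 
 /* The following definitions come from smbd/smb2_signing.c */
 
-bool smb2_srv_init_signing(struct smbXsrv_connection *conn);
+bool smb2_srv_init_signing(struct loadparm_context *lp_ctx,
+ struct smbXsrv_connection *conn);
 bool srv_init_signing(struct smbXsrv_connection *conn);
 
 /* The following definitions come from smbd/aio.c */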
diff --git a/source3/smbd/smb1_signing.c b/source3/smbd/smb1_signing.c
|
|
index 6bcb0629c4f..aa3027d5318 100644
|
|
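--- a/source3/smbd/smb1_signing.c
+++ b/source3/smbd/smb1_signing.c
@@ -170,18 +170,13 @@ static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr)
 Called by server negprot when signing has been negotiated.
 ************************************************************/
 
-bool smb1_srv_init_signing(struct smbXsrv_connection *conn)
+bool smb1_srv_init_signing(struct loadparm_context *lp_ctx,
+ struct smbXsrv_connection *conn)
 {
 bool allowed = true;
 bool desired;
 bool mandatory = false;
 
- struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
- if (lp_ctx == NULL) {
- DEBUG(10, ("loadparm_init_s3 failed\n"));
- return false;
- }
-
 /*
 * if the client and server allow signing,
 * we desire to use it.
@@ -195,7 +190,6 @@ bool smb1_srv_init_signing(struct smbXsrv_connection *conn)
 */
 
 desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory);
- talloc_unlink(conn, lp_ctx);
 
 if (lp_async_smb_echo_handler()) {
 struct smbd_shm_signing *s;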
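Review bot: smb1_srv_init_signing() now passes a caller-supplied `lp_ctx` straight to `lpcfg_server_signing_allowed(lp_ctx, &mandatory)` (second hunk), and the NULL check that used to sit next to `loadparm_init_s3()` has left the function with it. The one caller visible in this patch, srv_init_signing() in smb2_signing.c, checks for NULL before calling, so this is a contract to write down rather than a bug: extend the banner comment above the function with something like `lp_ctx must be non-NULL; it is borrowed, the caller keeps ownership and unlinks it`. The same applies to smb2_srv_init_signing() in smb2_signing.c. The function body continues outside both hunks.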
diff --git a/source3/smbd/smb1_signing.h b/source3/smbd/smb1_signing.h
|
|
index 56c59c5bbc2..26f60420dfa 100644
|
|
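--- a/source3/smbd/smb1_signing.h
+++ b/source3/smbd/smb1_signing.h
@@ -33,4 +33,5 @@ bool smb1_srv_is_signing_negotiated(struct smbXsrv_connection *conn);
 void smb1_srv_set_signing(struct smbXsrv_connection *conn,
 const DATA_BLOB user_session_key,
 const DATA_BLOB response);
-bool smb1_srv_init_signing(struct smbXsrv_connection *conn);
+bool smb1_srv_init_signing(struct loadparm_context *lp_ctx,
+ struct smbXsrv_connection *conn);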
diff --git a/source3/smbd/smb2_signing.c b/source3/smbd/smb2_signing.c
|
|
index 4691ef4d613..c1f876f9cd7 100644
|
|
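--- a/source3/smbd/smb2_signing.c
+++ b/source3/smbd/smb2_signing.c
@@ -26,32 +26,37 @@
 #include "lib/param/param.h"
 #include "smb2_signing.h"
 
-bool smb2_srv_init_signing(struct smbXsrv_connection *conn)
+bool smb2_srv_init_signing(struct loadparm_context *lp_ctx,
+ struct smbXsrv_connection *conn)
 {
- struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
- if (lp_ctx == NULL) {
- DBG_DEBUG("loadparm_init_s3 failed\n");
- return false;
- }
-
 /*
 * For SMB2 all we need to know is if signing is mandatory.
 * It is always allowed and desired, whatever the smb.conf says.
 */
 (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory);
- talloc_unlink(conn, lp_ctx);
 return true;
 }
 
 bool srv_init_signing(struct smbXsrv_connection *conn)
 {
+ struct loadparm_context *lp_ctx = NULL;
+ bool ok;
+
+ lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DBG_DEBUG("loadparm_init_s3 failed\n");
+ return false;
+ }
+
 #if defined(WITH_SMB1SERVER)
 if (conn->protocol >= PROTOCOL_SMB2_02) {
 #endif
- return smb2_srv_init_signing(conn);
+ ok = smb2_srv_init_signing(lp_ctx, conn);
 #if defined(WITH_SMB1SERVER)
 } else {
- return smb1_srv_init_signing(conn);
+ ok = smb1_srv_init_signing(lp_ctx, conn);
 }
 #endif
+ talloc_unlink(conn, lp_ctx);
+ return ok;
 }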
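Review bot: In srv_init_signing(), `bool ok;` has no initialiser and is assigned only inside the `#if defined(WITH_SMB1SERVER)` scaffolding; both build configurations do assign it before `return ok;`, but that takes some reading to confirm. For a function that reports whether signing setup succeeded I would write `bool ok = false;` so that a future edit to the branches fails closed. Separately, smb2_srv_init_signing() can no longer fail (it discards the result of `lpcfg_server_signing_allowed()` and returns true), so a one-line comment there saying the bool return is presumably kept for symmetry with the SMB1 variant would help.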
--
|
|
2.39.3
|
|
|