samba.git/libcli, branch v3-5-test Unnamed repository; edit this file 'description' to name the repository. Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 (crypto code changes domain case). 2012-10-15T09:35:16+00:00 Jeremy Allison jra@samba.org 2012-08-24T22:54:07+00:00 c13c6eb11f49b1fd3b3be95c7265cf9c0738b4e8 Simple fix for 3.5.x, tested and confirmed as working by original reporter "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>. 
Simple fix for 3.5.x, tested and confirmed as working by original reporter
"Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.
libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593) 2012-01-10T20:04:30+00:00 Stefan Metzmacher metze@samba.org 2011-11-10T13:43:55+00:00 d2aa10c255932b2d3060fcfc5cea19caef213724 After a calling any wrapper of tevent_req_notify_callback(), e.g. tevent_req_nterror(), tevent_req_done(), tevent_req_nomem(), a function has to return immediately otherwise it is very likely to crash. metze (similar to commit 17f1a97a614db4ed8292544988cb6a6cf56621d8) 
After a calling any wrapper of tevent_req_notify_callback(),
e.g. tevent_req_nterror(), tevent_req_done(), tevent_req_nomem(),
a function has to return immediately otherwise it is very likely to
crash.

metze

(similar to commit 17f1a97a614db4ed8292544988cb6a6cf56621d8)
libcli/auth: only expose creds to the caller on success 2011-11-03T19:49:19+00:00 Stefan Metzmacher metze@samba.org 2011-11-02T09:57:09+00:00 bb7d9fd886723e78680670ef4b0010e76f94ea80 metze 
metze
libcli/auth: debug the given computer name creds might be NULL 2011-11-03T19:49:17+00:00 Stefan Metzmacher metze@samba.org 2011-11-02T09:55:27+00:00 b6c3195a5a08808c8cf6a6ae3099bf534ddd36a8 metze 
metze
libcli/auth: let spnego_write_mech_types() check the asn1_load() return 2011-09-28T18:11:44+00:00 Stefan Metzmacher metze@samba.org 2010-12-01T23:40:01+00:00 363b81899401f01de11ddbd8036b55a472806b38 metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Dec 7 18:23:41 CET 2010 on sn-devel-104 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec  7 18:23:41 CET 2010 on sn-devel-104
Fix a valgrind error 2011-01-05T16:22:04+00:00 Volker Lendecke vl@samba.org 2011-01-02T01:48:03+00:00 23693fe3c51ac89db64fefed292f7e4ff38e00e8 Thanks to Tridge for the hint. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Jan 2 10:58:51 CET 2011 on sn-devel-104 
Thanks to Tridge for the hint.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan  2 10:58:51 CET 2011 on sn-devel-104
Fix bug #7669. 2010-09-15T18:53:08+00:00 Jeremy Allison jra@samba.org 2010-09-09T13:54:23+00:00 462e5f7b139e294016ecefefed20dda107816622 Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in Samba4). CVE-2010-3069: =========== Description =========== All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server. A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection). (cherry picked from commit a34c3e999bb1ea61da31c5b3e845b19663039358) 
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).

CVE-2010-3069:

===========
Description
===========

All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.

A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
(cherry picked from commit a34c3e999bb1ea61da31c5b3e845b19663039358)
s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key(). 2010-09-06T18:42:14+00:00 Günther Deschner gd@samba.org 2010-08-23T14:02:23+00:00 68e83f9fedf0a0f0fa412d3ecec8ee853bf82bac Initially, the schannel creds were talloc memduped, then, during the netlogon creds client merge (baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first talloc_referenced and then later (53765c81f726a8c056cc4e57004592dd489975c9) talloc_moved. The issue with using talloc_move here is that users of that function in winbind will only be able to have two schanneled connections, as the cached schannel credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy of the struct instead. Guenther (cherry picked from commit 898c6123355a3a11ec17f0396c4cb3018c75c184) 
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first
talloc_referenced and then later (53765c81f726a8c056cc4e57004592dd489975c9)
talloc_moved.

The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.

Guenther
(cherry picked from commit 898c6123355a3a11ec17f0396c4cb3018c75c184)
Fix what looks like a cut-and-paste error in our read_negTokenInit() function. 2010-05-25T08:57:58+00:00 Jeremy Allison jra@samba.org 2010-05-20T21:30:44+00:00 70098b751c10e632738f687976e6ef5e5fb2fc7b We should never be calling asn1_push_XXX functions inside an asn1 reading function. Change asn1_push_tag() -> asn1_start_tag() and asn1_pop_tag() -> asn1_end_tag(). This allows us to connect to a NetApp filer at the Microsoft plugfest. Andrew PLEASE CHECK ! Jeremy. Fix bug #7449 (spnego data mis-parsed - returns incorrect mechListMIC string). 
We should never be calling asn1_push_XXX functions inside an asn1
reading function. Change asn1_push_tag() -> asn1_start_tag() and
asn1_pop_tag() -> asn1_end_tag(). This allows us to connect to a
NetApp filer at the Microsoft plugfest.

Andrew PLEASE CHECK !

Jeremy.

Fix bug #7449 (spnego data mis-parsed - returns incorrect mechListMIC string).
Simplify E_md5hash a bit 2010-01-25T11:41:57+00:00 Volker Lendecke vl@samba.org 2009-12-14T18:29:36+00:00 7e430f3093c5bc06d8ca1186f982fe51af8c5637