samba.git/source3/lib/select.c, branch v3-5-test Unnamed repository; edit this file 'description' to name the repository. Fix denial of service - memory corruption. 2011-02-28T13:43:59+00:00 Jeremy Allison jra@samba.org 2011-02-27T16:58:06+00:00 b9c9874cdddfde5726c985b2154adee47597f77f CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date. (cherry picked from commit c3ad6eb506623435d3d9ce62d6f34ed1c960d4be) 
CVE-2011-0719

Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).

All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.

A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).

Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
(cherry picked from commit c3ad6eb506623435d3d9ce62d6f34ed1c960d4be)
s3:lib/select: don't overwrite errno in the signal handler 2009-09-21T03:55:05+00:00 Stefan Metzmacher metze@samba.org 2009-09-20T21:29:34+00:00 00e378f17c39c52689601bc622b9cd78a0cdce12 metze 
metze
S3: Stop creating SMBD cores when failing to create a pipe. 2009-02-19T02:08:33+00:00 todd stecher todd.stecher@gmail.com 2009-02-12T08:11:38+00:00 03421944b2bd82caf13946b745e4d634f0559f82 This was uncovered when the MAX FD limit was hit, causing an instant core and invoking error reporting. This fix causes SMBD to exit, but without building a core. 
This was uncovered when the MAX FD limit was hit, causing an instant core
and invoking error reporting. This fix causes SMBD to exit, but without
building a core.
Rely on standard {u,}int{8,16,32,64}_t types provided by system or 2008-10-14T01:38:34+00:00 Jelmer Vernooij jelmer@samba.org 2008-10-14T01:38:34+00:00 606c398fb834c3e057423dfce641b8a6b2d3f925 libreplace for {u,}int{8,16,32,64} defines. 
libreplace for {u,}int{8,16,32,64} defines.
Use {u,}int64_t instead of SMB_BIG_{U,}INT. 2008-10-13T23:59:36+00:00 Jelmer Vernooij jelmer@samba.org 2008-10-13T23:59:36+00:00 4746f79d50d804b0e9d5d5cc0d4796dee54d052c 






Check return value of pipe(2)
2008-02-23T10:04:13+00:00

Volker Lendecke
vl@samba.org

2008-02-23T09:49:00+00:00

fdf4e84e2b3fa7b29b384a7a18c422f98be35950

(This used to be commit 49da21c03a1a5801fba4b12837cccf2887e0d8f0)





(This used to be commit 49da21c03a1a5801fba4b12837cccf2887e0d8f0)







r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
2007-10-10T17:28:22+00:00

Andrew Tridgell
tridge@samba.org

2007-07-10T00:52:41+00:00

5e54558c6dea67b56bbfaba5698f3a434d3dffb6

(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)





(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)







r23779: Change from v2 or later to v3 or later.
2007-10-10T17:28:20+00:00

Jeremy Allison
jra@samba.org

2007-07-09T19:25:36+00:00

d824b98f80ba186030cbb70b3a1e5daf80469ecd

Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)





Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)







r23510: Tidy calls to smb_panic by removing trailing newlines. Print the
2007-10-10T17:23:23+00:00

James Peach
jpeach@samba.org

2007-06-15T21:58:49+00:00

b1ce226af8b61ad7e3c37860a59c6715012e738b

failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)





failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)







r7440: * merge registry server changes from trunk (so far) for more
2007-10-10T15:57:09+00:00

Gerald Carter
jerry@samba.org

2005-06-09T15:20:11+00:00

129b461673ecd0ad4d16c0c99585dd5c067172df

  printmig.exe work
* merge the sys_select_signal(char c) change from trunk
  in order to keeo the winbind code in sync
(This used to be commit a112c5570a7f8ddddde1af0fa665f40a6067e8cf)





  printmig.exe work
* merge the sys_select_signal(char c) change from trunk
  in order to keeo the winbind code in sync
(This used to be commit a112c5570a7f8ddddde1af0fa665f40a6067e8cf)