Re: Security Update: Samba 3.6.3

Wed, 01 Feb 2012 10:36:16 -0800 

On 01/31/12 18:58, Stuart Henderson wrote:

On 2012/01/31 23:34, Nigel Taylor wrote:

On 01/31/12 07:24, Ian McWilliam wrote:

Fo those in need of a samba fix.

http://www.samba.org/samba/security/CVE-2012-0817

The Samba smbd daemon that listens for incoming connections leaks
a small amount of memory on every connection attempt. Although this
is a small leak, it happens on every connection even without successful
authentication. Thus an attacker can simply loop making connection
requests and cause the listening daemon to ever increase in size.

Eventually the server process will grow enough to either cause memory
allocations in other processes to fail, or be killed by the system
as part of its out of memory protection. Either way, denial of service
would be achieved.

http://www.samba.org/samba/history/samba-3.6.3.html

CVE-2012-0817:
    The Samba File Serving daemon (smbd) in Samba versions
    3.6.0 to 3.6.2 is affected by a memory leak that can
    cause a server denial of service.

Ian McWilliam


Hi,

Built on i386 and amd64. Tests work for the limited setup I have here.

Nigel



For reference here's the diff against -current for this.

[... snip ...]


Works fine on amd64 -current.

I did notice a problem:
a8v2:build/packages 8227>sudo /etc/rc.d/samba -d restart
doing rc_read_runfile
usage: /etc/rc.d/smbd [-df] {start|check|reload|restart|stop}
doing rc_read_runfile
usage: /etc/rc.d/nmbd [-df] {start|check|reload|restart|stop}

The following patch fixes it for me but can probably be improved:

Index: pkg/samba.rc
===================================================================
RCS file: /pub2/cvsroot/OpenBSD/ports/net/samba/pkg/samba.rc,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 samba.rc
--- pkg/samba.rc        8 Jul 2011 02:14:59 -0000       1.3
+++ pkg/samba.rc        1 Feb 2012 18:07:08 -0000
@@ -6,13 +6,19 @@
 _pkg_scripts="smbd nmbd"

 set -A _s -- ${_pkg_scripts}
+if [ "X$#" = "X0" ]; then
+  echo "usage: $0 [-df] {start|check|reload|restart|stop}" 1>&2
+  exit 1
+fi
+set -A _a -- ${*}
+_last=${_a[$#-1]}

-if [ "$1" = stop ]; then
+if [ "$_last" = stop ]; then
        i=$(echo ${_pkg_scripts} | wc -w)
        while [ $i -ne 0 ]; do
                i=$((i-1))
-               /etc/rc.d/${_s[$i]} $1
+               /etc/rc.d/${_s[$i]} $_last
        done
 else
-       for i in ${_pkg_scripts}; do /etc/rc.d/$i $1; done
+       for i in ${_pkg_scripts}; do /etc/rc.d/$i $*; done
 fi

Reply via email to