mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
Fix for CVE-2007-5398.
== Subject: Remote code execution in Samba's WINS
== server daemon (nmbd) when processing name
== registration followed name query requests.
==
== CVE ID#: CVE-2007-5398
==
== Versions: Samba 3.0.0 - 3.0.26a (inclusive)
...
Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in nmbd. This defect may
only be exploited when the "wins support" parameter has
been enabled in smb.conf.
(This used to be commit e40c372e0d
)
This commit is contained in:
parent
c45970529c
commit
d41713b107
@ -970,6 +970,12 @@ for id %hu\n", packet_type, nmb_namestr(&orig_nmb->question.question_name),
|
||||
nmb->answers->ttl = ttl;
|
||||
|
||||
if (data && len) {
|
||||
if (len < 0 || len > sizeof(nmb->answers->rdata)) {
|
||||
DEBUG(5,("reply_netbios_packet: "
|
||||
"invalid packet len (%d)\n",
|
||||
len ));
|
||||
return;
|
||||
}
|
||||
nmb->answers->rdlength = len;
|
||||
memcpy(nmb->answers->rdata, data, len);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user