1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source3/winbindd
Volker Lendecke 5c6fe5a491 CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks
With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.

Discovered via Coverity ID 1504444 Out-of-bounds access

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072

Signed-off-by: Volker Lendecke <vl@samba.org>
2023-07-14 15:16:16 +02:00
..
idmap_hash s3:idmap_hash: reliable return ID_TYPE_BOTH 2021-01-22 11:32:46 +00:00
idmap_ad_nss.c winbindd/idmap: apply const to struct nss_info_methods pointers 2020-10-23 03:25:35 +00:00
idmap_ad.c winbind: Remove an unused include 2021-08-24 17:32:29 +00:00
idmap_autorid_tdb.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
idmap_autorid.c s3:winbindd: Add a sanity check for the range 2022-02-18 08:05:13 +00:00
idmap_ldap.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
idmap_nss.c CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain 2021-11-15 18:10:28 +00:00
idmap_passdb.c winbindd/idmap: apply const to struct idmap_methods pointers 2020-10-23 03:25:35 +00:00
idmap_proto.h winbindd/idmap: apply const to struct idmap_methods pointers 2020-10-23 03:25:35 +00:00
idmap_rfc2307.c idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch 2021-03-11 07:28:37 +00:00
idmap_rid.c winbindd/idmap: apply const to struct idmap_methods pointers 2020-10-23 03:25:35 +00:00
idmap_rw.c winbindd: allow idmap backends to mark entries with ID_[TYPE_WB_]REQUIRE_TYPE 2020-10-23 03:25:37 +00:00
idmap_rw.h
idmap_script.c idmap_script: Save a few lines with str_list_add_printf() 2021-10-08 19:28:31 +00:00
idmap_tdb2.c winbindd/idmap: apply const to struct idmap_methods pointers 2020-10-23 03:25:35 +00:00
idmap_tdb_common.c winbindd: allow idmap backends to mark entries with ID_[TYPE_WB_]REQUIRE_TYPE 2020-10-23 03:25:37 +00:00
idmap_tdb_common.h
idmap_tdb.c winbindd/idmap: apply const to struct idmap_methods pointers 2020-10-23 03:25:35 +00:00
idmap_util.c
idmap.c winbindd/idmap: apply const to struct idmap_methods pointers 2020-10-23 03:25:35 +00:00
nss_info_template.c
nss_info.c winbindd/idmap: apply const to struct nss_info_methods pointers 2020-10-23 03:25:35 +00:00
wb_dsgetdcname.c winbind: Fix an error path memleak 2019-02-27 01:35:18 +01:00
wb_getgrsid.c
wb_getpwsid.c source3: move lib/substitute.c functions out of proto.h 2021-11-11 13:49:32 +00:00
wb_gettoken.c
wb_group_members.c
wb_lookupname.c
wb_lookupsid.c
wb_lookupsids.c
wb_lookupuseraliases.c
wb_lookupusergroups.c
wb_next_grent.c
wb_next_pwent.c
wb_query_group_list.c
wb_query_user_list.c
wb_queryuser.c winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send() 2021-09-02 14:29:35 +00:00
wb_seqnum.c
wb_seqnums.c
wb_sids2xids.c wb_sids2xids: defer/skip wb_lookupsids* unless we get ID_TYPE_WB_REQUIRE_TYPE 2020-10-23 04:47:26 +00:00
wb_xids2sids.c wb_xids2sids: make use of the new wb_parent_idmap_setup_send/recv() helpers 2020-10-23 03:25:36 +00:00
winbindd_ads.c s3:winbind: Do not use domain's private data to store the ADS_STRUCT 2022-04-15 13:46:10 +00:00
winbindd_ads.h
winbindd_allocate_gid.c winbindd: Fix a startup race with allocate_gid 2021-03-24 20:31:30 +00:00
winbindd_allocate_uid.c winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send() 2021-09-02 15:20:06 +00:00
winbindd_async.c
winbindd_cache.c s3:winbind: Code cleanup for initialize_winbindd_cache() 2021-05-12 20:29:32 +00:00
winbindd_ccache_access.c
winbindd_change_machine_acct.c
winbindd_check_machine_acct.c
winbindd_cm.c CVE-2022-38023 s3:winbindd: also allow per domain "winbind sealed pipes:DOMAIN" and "require strong key:DOMAIN" 2022-12-14 10:28:16 +00:00
winbindd_cred_cache.c s3:winbind: Use the canonical realm name to renew the credentials 2022-07-18 09:40:12 +00:00
winbindd_creds.c Fix gcc11 compiler issue "-Werror=stringop-overflow=" 2021-05-07 06:23:32 +00:00
winbindd_domain_info.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
winbindd_domain.c
winbindd_dsgetdcname.c winbind: Align integer types 2020-11-30 22:24:37 +00:00
winbindd_dual_ndr.c rpc_server3: Inline pipes_struct into dcerpc_ncacn_conn 2022-01-05 00:11:38 +00:00
winbindd_dual_srv.c rpc_server3: Remove pipes_struct->remote_address 2022-01-05 00:11:37 +00:00
winbindd_dual.c s3:winbindd: Fix winbindd child logfile name handling 2021-10-12 08:40:34 +00:00
winbindd_endgrent.c
winbindd_endpwent.c
winbindd_getdcname.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
winbindd_getgrent.c
winbindd_getgrgid.c winbindd: handling missing idmap in getgrgid() 2020-02-05 17:56:58 +00:00
winbindd_getgrnam.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
winbindd_getgroups.c winbindd: allow idmap backends to mark entries with ID_[TYPE_WB_]REQUIRE_TYPE 2020-10-23 03:25:37 +00:00
winbindd_getpwent.c
winbindd_getpwnam.c
winbindd_getpwsid.c
winbindd_getpwuid.c
winbindd_getsidaliases.c winbind: Simplify winbindd_getsidaliases_recv() 2021-10-08 19:28:31 +00:00
winbindd_getuserdomgroups.c
winbindd_getusersids.c winbind: Simplify winbindd_getusersids_recv() 2021-10-08 19:28:31 +00:00
winbindd_gpupdate.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
winbindd_group.c
winbindd_idmap.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
winbindd_irpc.c CVE-2020-25717: s3:winbindd: make sure we default to r->out.authoritative = true 2021-11-09 19:45:32 +00:00
winbindd_list_groups.c winbind: honor WBFLAG_FROM_NSS along with winbind enum users/groups 2018-12-22 03:11:14 +01:00
winbindd_list_users.c winbind: honor WBFLAG_FROM_NSS along with winbind enum users/groups 2018-12-22 03:11:14 +01:00
winbindd_locator.c
winbindd_lookupname.c
winbindd_lookuprids.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
winbindd_lookupsid.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
winbindd_lookupsids.c CVE-2020-14323 winbind: Fix invalid lookupsids DoS 2020-10-29 10:25:37 +00:00
winbindd_misc.c CVE-2020-25717: Add FreeIPA domain controller role 2021-11-09 19:45:33 +00:00
winbindd_msrpc.c winbindd: remove obsolete sequence_number from struct winbindd_methods 2021-04-29 15:49:16 +00:00
winbindd_ndr.c s3:winbind: Remove no longer used domain's private_data pointer 2022-04-15 14:45:44 +00:00
winbindd_pam_auth_crap.c CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks 2023-07-14 15:16:16 +02:00
winbindd_pam_auth.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
winbindd_pam_chauthtok.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
winbindd_pam_chng_pswd_auth_crap.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
winbindd_pam_logoff.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
winbindd_pam.c CVE-2022-2127: s3:winbind: Move big NTLMv2 blob checks to parent process 2023-07-14 15:16:16 +02:00
winbindd_ping_dc.c
winbindd_proto.h s3:winbind: Create service principal inside add_ccache_to_list() 2022-07-18 08:47:13 +00:00
winbindd_reconnect_ads.c winbindd: remove obsolete sequence_number from struct winbindd_methods 2021-04-29 15:49:16 +00:00
winbindd_reconnect.c winbindd: remove obsolete sequence_number from struct winbindd_methods 2021-04-29 15:49:16 +00:00
winbindd_rpc.c s3:winbindd: Remove unused rpc_sequence_number() 2021-04-29 15:01:29 +00:00
winbindd_rpc.h s3:winbindd: Remove unused rpc_sequence_number() 2021-04-29 15:01:29 +00:00
winbindd_samr.c s3:winbind: Simplify open_cached_internal_pipe_conn() 2022-04-15 13:46:10 +00:00
winbindd_setgrent.c
winbindd_setpwent.c
winbindd_show_sequence.c
winbindd_sids_to_xids.c winbind: Simplify winbindd_sids_to_xids_recv() 2021-10-08 19:28:32 +00:00
winbindd_util.c winbindd: Replace asprintf() with talloc_asprintf() 2022-01-18 20:22:38 +00:00
winbindd_wins_byip.c s3: libsmb: Convert node_status_query() and associated functions and callers to expect a size_t * return. 2020-09-15 10:09:36 +00:00
winbindd_wins_byname.c s3: libsmb: Convert the WINS and broadcast name functions to return size_t * num addresses. 2020-09-15 10:09:36 +00:00
winbindd_xids_to_sids.c winbind: Enhance xids2sids debugging 2019-02-08 08:51:19 +01:00
winbindd.c s3:rpc_server: Activate samba-dcerpcd 2021-12-10 14:02:30 +00:00
winbindd.h s3:winbind: Remove no longer used domain's private_data pointer 2022-04-15 14:45:44 +00:00
wscript_build s3:rpc_server: Activate samba-dcerpcd 2021-12-10 14:02:30 +00:00