Diffstat (limited to 'openwrt/package/samba/patches')
-rw-r--r-- | openwrt/package/samba/patches/100-samba.patch | 489 | ||||
-rw-r--r-- | openwrt/package/samba/patches/200-security.patch | 606 | ||||
-rw-r--r-- | openwrt/package/samba/patches/250-writex.patch | 152 | ||||
-rw-r--r-- | openwrt/package/samba/patches/300-shared_lib_ldflags_fix.patch | 25 | ||||
-rw-r--r-- | openwrt/package/samba/patches/301-config_files_path.patch | 25 |
5 files changed, 0 insertions, 1297 deletions
diff --git a/openwrt/package/samba/patches/100-samba.patch b/openwrt/package/samba/patches/100-samba.patch
deleted file mode 100644
index 3bfeed359..000000000
--- a/openwrt/package/samba/patches/100-samba.patch
+++ /dev/null
@@ -1,489 +0,0 @@ -diff -ruN samba-2.0.10.orig/source/include/smb.h samba-2.0.10/source/include/smb.h ---- samba-2.0.10.orig/source/include/smb.h 2001-06-23 10:52:20.000000000 +0200 -+++ samba-2.0.10/source/include/smb.h 2006-03-06 22:21:12.000000000 +0100 -@@ -115,6 +115,22 @@ - * Usage: - * DEBUGADD( 2, ("Some additional text.\n") ); - */ -+ -+#ifdef NDEBUG -+ -+#define DEBUGLVL( level ) \ -+ ( (0 == (level)) \ -+ && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) ) -+ -+#define DEBUG( level, body ) \ -+ (void)( (0 == (level)) \ -+ && (dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) )) \ -+ && (dbgtext body) ) -+ -+#define DEBUGADD( level, body ) \ -+ (void)( (0 == (level)) && (dbgtext body) ) -+ -+#else - #define DEBUGLVL( level ) \ - ( (DEBUGLEVEL >= (level)) \ - && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) ) -@@ -140,7 +156,7 @@ - (void)( (DEBUGLEVEL >= (level)) && (dbgtext body) ) - - #endif -- -+#endif - /* End Debugging code section. - * -------------------------------------------------------------------------- ** - */ -@@ -1612,7 +1628,9 @@ - #define CAP_LOCK_AND_READ 0x0100 - #define CAP_NT_FIND 0x0200 - #define CAP_DFS 0x1000 -+#define CAP_W2K_SMBS 0x2000 - #define CAP_LARGE_READX 0x4000 -+#define CAP_LARGE_WRITEX 0x8000 - #define CAP_EXTENDED_SECURITY 0x80000000 - - /* protocol types. 
It assumes that higher protocols include lower protocols -diff -ruN samba-2.0.10.orig/source/Makefile.in samba-2.0.10/source/Makefile.in ---- samba-2.0.10.orig/source/Makefile.in 2000-03-16 23:57:08.000000000 +0100 -+++ samba-2.0.10/source/Makefile.in 2006-03-06 22:21:12.000000000 +0100 -@@ -37,8 +37,8 @@ - # set these to where to find various files - # These can be overridden by command line switches (see smbd(8)) - # or in smb.conf (see smb.conf(5)) --SMBLOGFILE = $(VARDIR)/log.smb --NMBLOGFILE = $(VARDIR)/log.nmb -+SMBLOGFILE = $(VARDIR)/smb -+NMBLOGFILE = $(VARDIR)/nmb - CONFIGFILE = $(LIBDIR)/smb.conf - LMHOSTSFILE = $(LIBDIR)/lmhosts - DRIVERFILE = $(LIBDIR)/printers.def -@@ -55,7 +55,7 @@ - LOCKDIR = @lockdir@ - - # The directory where code page definition files go --CODEPAGEDIR = $(LIBDIR)/codepages -+CODEPAGEDIR = $(BASEDIR)/codepages - - # The current codepage definition list. - CODEPAGELIST= 437 737 775 850 852 861 932 866 949 950 936 1251 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R -@@ -82,6 +82,7 @@ - PROGS2 = bin/rpcclient bin/smbpasswd bin/make_smbcodepage bin/make_unicodemap @WRAP@ @WRAP32@ - MPROGS = @MPROGS@ - PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup bin/make_printerdef -+SHAREDPROGS = bin/smbd.shared bin/nmbd.shared bin/smbpasswd.shared - - SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd - -@@ -159,6 +160,8 @@ - $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ - $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) - -+SMBDSHARED_OBJ = $(SMBD_OBJ1) $(RPC_SERVER_OBJ) \ -+ $(LOCKING_OBJ) $(PROFILE_OBJ) #$(PRINTING_OBJ) - - NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ - nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \ -@@ -176,6 +179,8 @@ - NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ - $(LIB_OBJ) - -+NMBDSHARED_OBJ = $(NMBD_OBJ1) -+ - SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ - web/swat.o 
$(LIBSMB_OBJ) $(LOCKING_OBJ) \ - $(PARAM_OBJ) $(PASSDB_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ -@@ -207,6 +212,8 @@ - SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ - $(UBIQX_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(LIB_OBJ) - -+SMBPASSWDSHARED_OBJ = utils/smbpasswd.o -+ - RPCCLIENT_OBJ = rpcclient/rpcclient.o \ - rpcclient/display.o \ - rpcclient/cmd_lsarpc.o \ -@@ -265,6 +272,11 @@ - PROTO_OBJ = $(SMBD_OBJ) $(NMBD_OBJ) $(SWAT_OBJ) $(CLIENT_OBJ) \ - $(RPCCLIENT_OBJ) $(SMBWRAPPER_OBJ) $(SMBTORTURE_OBJ) - -+LIBSMBSHARED_OBJ = $(LIB_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) \ -+ $(PASSDB_OBJ) $(RPC_PARSE_OBJ) #$(RPC_CLIENT_OBJ) -+ -+LIBSMB_PICOBJS = $(LIBSMBSHARED_OBJ:.o=.po) -+ - PICOBJS = $(SMBWRAPPER_OBJ:.o=.po) - PICOBJS32 = $(SMBWRAPPER_OBJ:.o=.po32) - -@@ -274,6 +286,8 @@ - - all : CHECK $(SPROGS) $(PROGS) - -+shared : CHECK $(SHAREDPROGS) -+ - smbwrapper : CHECK bin/smbsh bin/smbwrapper.@SHLIBEXT@ @WRAP32@ - - smbtorture : CHECK bin/smbtorture -@@ -359,10 +373,18 @@ - @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LIBS) - -+bin/smbd.shared: $(SMBDSHARED_OBJ) bin/libsmb.@SHLIBEXT@ bin/.dummy -+ @echo Linking $@ -+ @$(CC) $(FLAGS) -o $@ $(SMBDSHARED_OBJ) $(LDFLAGS) $(LIBS) -Lbin -lsmb -+ - bin/nmbd: $(NMBD_OBJ) bin/.dummy - @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(LIBS) - -+bin/nmbd.shared: $(NMBDSHARED_OBJ) bin/libsmb.@SHLIBEXT@ bin/.dummy -+ @echo Linking $@ -+ @$(CC) $(FLAGS) -o $@ $(NMBDSHARED_OBJ) $(LDFLAGS) $(LIBS) -Lbin -lsmb -+ - bin/swat: $(SWAT_OBJ) bin/.dummy - @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(LIBS) -@@ -411,6 +433,10 @@ - @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(LIBS) - -+bin/smbpasswd.shared: $(SMBPASSWDSHARED_OBJ) bin/libsmb.@SHLIBEXT@ bin/.dummy -+ @echo Linking $@ -+ @$(CC) $(FLAGS) -o $@ $(SMBPASSWDSHARED_OBJ) $(LDFLAGS) $(LIBS) -Lbin -lsmb -+ - bin/make_smbcodepage: $(MAKE_SMBCODEPAGE_OBJ) bin/.dummy - 
@echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(MAKE_SMBCODEPAGE_OBJ) $(LDFLAGS) $(LIBS) -@@ -459,6 +485,10 @@ - @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(SMBSH_OBJ) $(LDFLAGS) $(LIBS) - -+bin/libsmb.@SHLIBEXT@: $(LIBSMB_PICOBJS) bin/.dummy -+ @echo Linking shared library $@ -+ @$(LD) @LDSHFLAGS@ -o $@ $(LIBSMB_PICOBJS) $(LIBS) -+ - install: installbin installman installscripts installcp installswat - - installdirs: -@@ -518,7 +548,7 @@ - ctags `find . -name "*.[ch]" | grep -v /CVS/` - - realclean: clean -- -rm -f config.log $(PROGS) $(SPROGS) bin/.dummy -+ -rm -f config.log $(PROGS) $(SPROGS) $(SHAREDPROGS) bin/.dummy - -rmdir bin - - distclean: realclean -diff -ruN samba-2.0.10.orig/source/nmbd/nmbd_mynames.c samba-2.0.10/source/nmbd/nmbd_mynames.c ---- samba-2.0.10.orig/source/nmbd/nmbd_mynames.c 2000-03-16 23:59:24.000000000 +0100 -+++ samba-2.0.10/source/nmbd/nmbd_mynames.c 2006-03-06 22:21:12.000000000 +0100 -@@ -215,8 +215,8 @@ - */ - if( !is_refresh_already_queued( subrec, namerec) ) - refresh_name( subrec, namerec, NULL, NULL, NULL ); -- namerec->data.death_time += lp_max_ttl(); -- namerec->data.refresh_time += MIN(lp_max_ttl(), MAX_REFRESH_TIME); -+ namerec->data.death_time = t + lp_max_ttl(); -+ namerec->data.refresh_time = t + MIN(lp_max_ttl(), MAX_REFRESH_TIME); - } - } - } -diff -ruN samba-2.0.10.orig/source/smbd/close.c samba-2.0.10/source/smbd/close.c ---- samba-2.0.10.orig/source/smbd/close.c 2000-04-21 19:43:13.000000000 +0200 -+++ samba-2.0.10/source/smbd/close.c 2006-03-06 22:21:12.000000000 +0100 -@@ -122,11 +122,11 @@ - last_reference = True; - - fsp->fd_ptr = NULL; -- -+#ifdef PRINTING - /* NT uses smbclose to start a print - weird */ - if (normal_close && fsp->print_file) - print_file(conn, fsp); -- -+#endif - /* check for magic scripts */ - if (normal_close) { - check_magic(fsp,conn); -diff -ruN samba-2.0.10.orig/source/smbd/ipc.c samba-2.0.10/source/smbd/ipc.c ---- samba-2.0.10.orig/source/smbd/ipc.c 2000-03-30 00:20:06.000000000 +0200 -+++ 
samba-2.0.10/source/smbd/ipc.c 2006-03-06 22:21:12.000000000 +0100 -@@ -472,7 +472,7 @@ - PACK(desc,t,v); - } - -- -+#ifdef PRINTING - /**************************************************************************** - get a print queue - ****************************************************************************/ -@@ -1004,7 +1004,7 @@ - - return True; - } -- -+#endif - /**************************************************************************** - get info level for a server list query - ****************************************************************************/ -@@ -1834,7 +1834,7 @@ - - return(True); - } -- -+#ifdef PRINTING - /**************************************************************************** - delete a print job - Form: <W> <> -@@ -2091,7 +2091,7 @@ - - return(True); - } -- -+#endif - - /**************************************************************************** - get info about the server -@@ -2756,7 +2756,7 @@ - - return(True); - } -- -+#ifdef PRINTING - /**************************************************************************** - api_WPrintJobEnumerate - ****************************************************************************/ -@@ -3189,7 +3189,7 @@ - DEBUG(4,("WPrintPortEnum: errorcode %d\n",desc.errcode)); - return(True); - } -- -+#endif - /**************************************************************************** - Start the first part of an RPC reply which began with an SMBtrans request. 
- ****************************************************************************/ -@@ -3407,6 +3407,7 @@ - {"RNetUserGetInfo", 56, api_RNetUserGetInfo,0}, - {"NetUserGetGroups", 59, api_NetUserGetGroups,0}, - {"NetWkstaGetInfo", 63, api_NetWkstaGetInfo,0}, -+#ifdef PRINTING - {"DosPrintQEnum", 69, api_DosPrintQEnum,0}, - {"DosPrintQGetInfo", 70, api_DosPrintQGetInfo,0}, - {"WPrintQueuePause", 74, api_WPrintQueuePurge,0}, -@@ -3418,16 +3419,21 @@ - {"RDosPrintJobResume",83, api_RDosPrintJobDel,0}, - {"WPrintDestEnum", 84, api_WPrintDestEnum,0}, - {"WPrintDestGetInfo", 85, api_WPrintDestGetInfo,0}, -+#endif - {"NetRemoteTOD", 91, api_NetRemoteTOD,0}, -+#ifdef PRINTING - {"WPrintQueuePurge", 103, api_WPrintQueuePurge,0}, -+#endif - {"NetServerEnum", 104, api_RNetServerEnum,0}, - {"WAccessGetUserPerms",105, api_WAccessGetUserPerms,0}, - {"SetUserPassword", 115, api_SetUserPassword,0}, - {"WWkstaUserLogon", 132, api_WWkstaUserLogon,0}, -+#ifdef PRINTING - {"PrintJobInfo", 147, api_PrintJobInfo,0}, - {"WPrintDriverEnum", 205, api_WPrintDriverEnum,0}, - {"WPrintQProcEnum", 206, api_WPrintQProcEnum,0}, - {"WPrintPortEnum", 207, api_WPrintPortEnum,0}, -+#endif - {"SamOEMChangePassword", 214, api_SamOEMChangePassword,0}, - {NULL, -1, api_Unsupported,0}}; - -diff -ruN samba-2.0.10.orig/source/smbd/negprot.c samba-2.0.10/source/smbd/negprot.c ---- samba-2.0.10.orig/source/smbd/negprot.c 2000-03-16 23:59:47.000000000 +0100 -+++ samba-2.0.10/source/smbd/negprot.c 2006-03-06 22:21:12.000000000 +0100 -@@ -160,7 +160,7 @@ - /* dual names + lock_and_read + nt SMBs + remote API calls */ - int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ| - (lp_nt_smb_support() ? CAP_NT_SMBS | CAP_RPC_REMOTE_APIS : 0) | -- (SMB_OFF_T_BITS == 64 ? CAP_LARGE_FILES : 0); -+ (SMB_OFF_T_BITS == 64 ? 
CAP_LARGE_FILES | CAP_LARGE_READX | CAP_LARGE_WRITEX /*| CAP_W2K_SMBS*/ : 0); - - - /* -diff -ruN samba-2.0.10.orig/source/smbd/password.c samba-2.0.10/source/smbd/password.c ---- samba-2.0.10.orig/source/smbd/password.c 2000-03-16 23:59:48.000000000 +0100 -+++ samba-2.0.10/source/smbd/password.c 2006-03-06 22:21:12.000000000 +0100 -@@ -1149,7 +1149,7 @@ - - return(True); - } -- -+#ifdef RPCCLIENT - /*********************************************************************** - Connect to a remote machine for domain security authentication - given a name or IP address. -@@ -1504,3 +1504,4 @@ - cli_shutdown(&cli); - return True; - } -+#endif -diff -ruN samba-2.0.10.orig/source/smbd/process.c samba-2.0.10/source/smbd/process.c ---- samba-2.0.10.orig/source/smbd/process.c 2000-04-15 02:21:27.000000000 +0200 -+++ samba-2.0.10/source/smbd/process.c 2006-03-06 22:21:12.000000000 +0100 -@@ -343,10 +343,12 @@ - {SMBlseek,"SMBlseek",reply_lseek,AS_USER}, - {SMBflush,"SMBflush",reply_flush,AS_USER}, - {SMBctemp,"SMBctemp",reply_ctemp,AS_USER | QUEUE_IN_OPLOCK }, -+#ifdef PRINTING - {SMBsplopen,"SMBsplopen",reply_printopen,AS_USER | QUEUE_IN_OPLOCK }, - {SMBsplclose,"SMBsplclose",reply_printclose,AS_USER}, - {SMBsplretq,"SMBsplretq",reply_printqueue,AS_USER}, - {SMBsplwr,"SMBsplwr",reply_printwrite,AS_USER}, -+#endif - {SMBlock,"SMBlock",reply_lock,AS_USER}, - {SMBunlock,"SMBunlock",reply_unlock,AS_USER}, - -@@ -908,7 +910,7 @@ - DEBUG(2,("Closing idle connection 2.\n")); - return False; - } -- -+#ifdef RPCLIENT - if(global_machine_password_needs_changing) - { - unsigned char trust_passwd_hash[16]; -@@ -954,7 +956,7 @@ - trust_password_unlock(); - global_machine_password_needs_changing = False; - } -- -+#endif - /* - * Check to see if we have any blocking locks - * outstanding on the queue. 
-diff -ruN samba-2.0.10.orig/source/smbd/reply.c samba-2.0.10/source/smbd/reply.c ---- samba-2.0.10.orig/source/smbd/reply.c 2001-06-23 10:51:24.000000000 +0200 -+++ samba-2.0.10/source/smbd/reply.c 2006-03-06 22:21:12.000000000 +0100 -@@ -597,12 +597,12 @@ - - if (!check_domain_match(orig_user, domain)) - return False; -- -+#ifdef RPCCLIENT - ret = domain_client_validate(orig_user, domain, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen, - &user_exists); -- -+#endif - if(ret) { - /* - * User validated ok against Domain controller. -@@ -2991,7 +2991,7 @@ - return -1; - } - -- -+#ifdef PRINTING - /**************************************************************************** - reply to a printopen - ****************************************************************************/ -@@ -3176,7 +3176,7 @@ - - return(outsize); - } -- -+#endif - - /**************************************************************************** - reply to a mkdir -diff -ruN samba-2.0.10.orig/source/smbd/server.c samba-2.0.10/source/smbd/server.c ---- samba-2.0.10.orig/source/smbd/server.c 2000-03-16 23:59:52.000000000 +0100 -+++ samba-2.0.10/source/smbd/server.c 2006-03-06 22:21:12.000000000 +0100 -@@ -300,9 +300,9 @@ - lp_killunused(conn_snum_used); - - ret = lp_load(servicesf,False,False,True); -- -+#ifdef PRINTING - load_printers(); -- -+#endif - /* perhaps the config filename is now set */ - if (!test) - reload_services(True); -diff -ruN samba-2.0.10.orig/source/smbd/service.c samba-2.0.10/source/smbd/service.c ---- samba-2.0.10.orig/source/smbd/service.c 2000-03-16 23:59:52.000000000 +0100 -+++ samba-2.0.10/source/smbd/service.c 2006-03-06 22:21:12.000000000 +0100 -@@ -121,7 +121,7 @@ - } - } - } -- -+#ifdef PRINTING - /* If we still don't have a service, attempt to add it as a printer. */ - if (iService < 0) - { -@@ -146,7 +146,7 @@ - DEBUG(3,("%s is not a valid printer name\n", service)); - } - } -- -+#endif - /* just possibly it's a default service? 
*/ - if (iService < 0) - { -diff -ruN samba-2.0.10.orig/source/utils/smbpasswd.c samba-2.0.10/source/utils/smbpasswd.c ---- samba-2.0.10.orig/source/utils/smbpasswd.c 2000-03-16 23:59:57.000000000 +0100 -+++ samba-2.0.10/source/utils/smbpasswd.c 2006-03-06 22:21:12.000000000 +0100 -@@ -71,7 +71,7 @@ - } - exit(1); - } -- -+#ifdef RPCCLIENT - /********************************************************* - Join a domain. - **********************************************************/ -@@ -143,7 +143,7 @@ - - return (int)ret; - } -- -+#endif - - static void set_line_buffering(FILE *f) - { -@@ -335,13 +335,13 @@ - if((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) && ((remote_machine != NULL) || joining_domain)) { - usage(); - } -- -+#ifdef RPCCLIENT - if(joining_domain) { - if (argc != 0) - usage(); - return join_domain(new_domain, remote_machine); - } -- -+#endif - /* - * Deal with root - can add a user, but only locally. - */ -diff -ruN samba-2.0.10.orig/source/web/swat.c samba-2.0.10/source/web/swat.c ---- samba-2.0.10.orig/source/web/swat.c 2000-04-11 19:36:36.000000000 +0200 -+++ samba-2.0.10/source/web/swat.c 2006-03-06 22:21:12.000000000 +0100 -@@ -357,8 +357,9 @@ - return 0; - } - iNumNonAutoPrintServices = lp_numservices(); -+#ifdef PRINTING - load_printers(); -- -+#endif - return 1; - } - -@@ -997,8 +998,9 @@ - charset_initialise(); - load_config(True); - iNumNonAutoPrintServices = lp_numservices(); -+#ifdef PRINTING - load_printers(); -- -+#endif - cgi_setup(SWATDIR, !demo_mode); - - print_header(); diff --git a/openwrt/package/samba/patches/200-security.patch b/openwrt/package/samba/patches/200-security.patch deleted file mode 100644 index 8e51549e1..000000000 --- a/openwrt/package/samba/patches/200-security.patch +++ /dev/null 
@@ -1,606 +0,0 @@ -diff -ruN samba-2.0.10.orig/source/include/smb.h samba-2.0.10/source/include/smb.h ---- samba-2.0.10.orig/source/include/smb.h 2006-03-06 22:25:08.000000000 +0100 -+++ samba-2.0.10/source/include/smb.h 2006-03-06 22:25:53.000000000 +0100 -@@ -272,6 +272,7 @@ - #define ERRlock 33 /* Lock request conflicts with existing lock */ - #define ERRunsup 50 /* Request unsupported, returned by Win 95, RJS 20Jun98 */ - #define ERRfilexists 80 /* File in operation already exists */ -+#define ERRinvalidparam 87 - #define ERRcannotopen 110 /* Cannot open the file specified */ - #define ERRunknownlevel 124 - #define ERRrename 183 -@@ -1911,4 +1912,7 @@ - - #define SAFE_NETBIOS_CHARS ". -_" - -+#ifndef SAFE_FREE -+#define SAFE_FREE(x) do { if ((x) != NULL) {free((x)); (x)=NULL;} } while(0) -+#endif - #endif /* _SMB_H */ -diff -ruN samba-2.0.10.orig/source/include/version.h samba-2.0.10/source/include/version.h ---- samba-2.0.10.orig/source/include/version.h 2001-06-23 15:23:59.000000000 +0200 -+++ samba-2.0.10/source/include/version.h 2006-03-06 22:25:53.000000000 +0100 -@@ -1 +1 @@ --#define VERSION "2.0.10" -+#define VERSION "2.0.10-security-rollup" -diff -ruN samba-2.0.10.orig/source/smbd/filename.c samba-2.0.10/source/smbd/filename.c ---- samba-2.0.10.orig/source/smbd/filename.c 2000-03-16 23:59:44.000000000 +0100 -+++ samba-2.0.10/source/smbd/filename.c 2006-03-06 22:25:53.000000000 +0100 -@@ -172,7 +172,7 @@ - * StrnCpy always null terminates. 
- */ - -- StrnCpy(orig_name, full_orig_name, namelen); -+ StrnCpy(orig_name, full_orig_name, MIN(namelen, sizeof(orig_name)-1)); - if(!case_sensitive) - strupper( orig_name ); - -diff -ruN samba-2.0.10.orig/source/smbd/ipc.c samba-2.0.10/source/smbd/ipc.c ---- samba-2.0.10.orig/source/smbd/ipc.c 2006-03-06 22:25:08.000000000 +0100 -+++ samba-2.0.10/source/smbd/ipc.c 2006-03-06 22:25:53.000000000 +0100 -@@ -3556,18 +3556,18 @@ - uint16 *setup=NULL; - int outsize = 0; - uint16 vuid = SVAL(inbuf,smb_uid); -- int tpscnt = SVAL(inbuf,smb_vwv0); -- int tdscnt = SVAL(inbuf,smb_vwv1); -- int mprcnt = SVAL(inbuf,smb_vwv2); -- int mdrcnt = SVAL(inbuf,smb_vwv3); -- int msrcnt = CVAL(inbuf,smb_vwv4); -+ unsigned int tpscnt = SVAL(inbuf,smb_vwv0); -+ unsigned int tdscnt = SVAL(inbuf,smb_vwv1); -+ unsigned int mprcnt = SVAL(inbuf,smb_vwv2); -+ unsigned int mdrcnt = SVAL(inbuf,smb_vwv3); -+ unsigned int msrcnt = CVAL(inbuf,smb_vwv4); - BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0); - BOOL one_way = BITSETW(inbuf+smb_vwv5,1); -- int pscnt = SVAL(inbuf,smb_vwv9); -- int psoff = SVAL(inbuf,smb_vwv10); -- int dscnt = SVAL(inbuf,smb_vwv11); -- int dsoff = SVAL(inbuf,smb_vwv12); -- int suwcnt = CVAL(inbuf,smb_vwv13); -+ unsigned int pscnt = SVAL(inbuf,smb_vwv9); -+ unsigned int psoff = SVAL(inbuf,smb_vwv10); -+ unsigned int dscnt = SVAL(inbuf,smb_vwv11); -+ unsigned int dsoff = SVAL(inbuf,smb_vwv12); -+ unsigned int suwcnt = CVAL(inbuf,smb_vwv13); - - memset(name, '\0',sizeof(name)); - fstrcpy(name,smb_buf(inbuf)); -@@ -3578,26 +3578,44 @@ - - if (tdscnt) { - if((data = (char *)malloc(tdscnt)) == NULL) { -- DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt)); -+ DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt)); - return(ERROR(ERRDOS,ERRnomem)); - } -+ if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) -+ goto bad_param; -+ if (smb_base(inbuf)+dsoff+dscnt > inbuf + size) -+ goto bad_param; -+ - memcpy(data,smb_base(inbuf)+dsoff,dscnt); - } - - 
if (tpscnt) { - if((params = (char *)malloc(tpscnt)) == NULL) { -- DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt)); -+ DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt)); -+ SAFE_FREE(data); - return(ERROR(ERRDOS,ERRnomem)); - } -+ if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) -+ goto bad_param; -+ if (smb_base(inbuf)+psoff+pscnt > inbuf + size) -+ goto bad_param; -+ - memcpy(params,smb_base(inbuf)+psoff,pscnt); - } - - if (suwcnt) { - int i; - if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { -- DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16)))); -- return(ERROR(ERRDOS,ERRnomem)); -- } -+ DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16)))); -+ SAFE_FREE(data); -+ SAFE_FREE(params); -+ return(ERROR(ERRDOS,ERRnomem)); -+ } -+ if (inbuf+smb_vwv14+(suwcnt*SIZEOFWORD) > inbuf + size) -+ goto bad_param; -+ if ((smb_vwv14+(suwcnt*SIZEOFWORD) < smb_vwv14) || (smb_vwv14+(suwcnt*SIZEOFWORD) < (suwcnt*SIZEOFWORD))) -+ goto bad_param; -+ - for (i=0;i<suwcnt;i++) - setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD); - } -@@ -3614,7 +3632,7 @@ - /* receive the rest of the trans packet */ - while (pscnt < tpscnt || dscnt < tdscnt) { - BOOL ret; -- int pcnt,poff,dcnt,doff,pdisp,ddisp; -+ unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; - - ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT); - -@@ -3625,19 +3643,19 @@ - DEBUG(0,("reply_trans: %s in getting secondary trans response.\n", - (smb_read_error == READ_ERROR) ? 
"error" : "timeout" )); - } -- if (params) -- free(params); -- if (data) -- free(data); -- if (setup) -- free(setup); -+ SAFE_FREE(params); -+ SAFE_FREE(data); -+ SAFE_FREE(setup); - return(ERROR(ERRSRV,ERRerror)); - } - - show_msg(inbuf); - -- tpscnt = SVAL(inbuf,smb_vwv0); -- tdscnt = SVAL(inbuf,smb_vwv1); -+ /* Revise total_params and total_data in case they have changed downwards */ -+ if (SVAL(inbuf,smb_vwv0) < tpscnt) -+ tpscnt = SVAL(inbuf,smb_vwv0); -+ if (SVAL(inbuf,smb_vwv1) < tdscnt) -+ tdscnt = SVAL(inbuf,smb_vwv1); - - pcnt = SVAL(inbuf,smb_vwv2); - poff = SVAL(inbuf,smb_vwv3); -@@ -3650,17 +3668,36 @@ - pscnt += pcnt; - dscnt += dcnt; - -- if (dscnt > tdscnt || pscnt > tpscnt) { -- exit_server("invalid trans parameters\n"); -- } -+ if (dscnt > tdscnt || pscnt > tpscnt) -+ goto bad_param; - -- if (pcnt) -+ if (pcnt) { -+ if (pdisp+pcnt >= tpscnt) -+ goto bad_param; -+ if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) -+ goto bad_param; -+ if (smb_base(inbuf) + poff + pcnt >= inbuf + bufsize) -+ goto bad_param; -+ if (params + pdisp < params) -+ goto bad_param; -+ - memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt); -- if (dcnt) -+ } -+ -+ if (dcnt) { -+ if (ddisp+dcnt >= tdscnt) -+ goto bad_param; -+ if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) -+ goto bad_param; -+ if (smb_base(inbuf) + doff + dcnt >= inbuf + bufsize) -+ goto bad_param; -+ if (data + ddisp < data) -+ goto bad_param; -+ - memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt); -+ } - } -- -- -+ - DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n", - name,tdscnt,tpscnt,suwcnt)); - -@@ -3700,4 +3737,12 @@ - return(ERROR(ERRSRV,ERRnosupport)); - - return(outsize); -+ -+ bad_param: -+ -+ DEBUG(0,("reply_trans: invalid trans parameters\n")); -+ SAFE_FREE(data); -+ SAFE_FREE(params); -+ SAFE_FREE(setup); -+ return(ERROR(ERRSRV,ERRerror)); - } -diff -ruN samba-2.0.10.orig/source/smbd/nttrans.c samba-2.0.10/source/smbd/nttrans.c ---- samba-2.0.10.orig/source/smbd/nttrans.c 2000-04-24 19:27:30.000000000 
+0200 -+++ samba-2.0.10/source/smbd/nttrans.c 2006-03-06 22:25:53.000000000 +0100 -@@ -2575,11 +2575,14 @@ - params = (char *)malloc(total_parameter_count); - if (total_data_count > 0) - data = (char *)malloc(total_data_count); -- -+ - if ((total_parameter_count && !params) || (total_data_count && !data) || - (setup_count && !setup)) { -+ SAFE_FREE(setup); -+ SAFE_FREE(params); -+ SAFE_FREE(data); - DEBUG(0,("reply_nttrans : Out of memory\n")); -- return(ERROR(ERRDOS,ERRnomem)); -+ return ERROR(ERRDOS,ERRnomem); - } - - /* Copy the param and data bytes sent with this request into -@@ -2588,64 +2591,112 @@ - num_data_sofar = data_count; - - if (parameter_count > total_parameter_count || data_count > total_data_count) -- exit_server("reply_nttrans: invalid sizes in packet.\n"); -+ goto bad_param; - - if(setup) { -- memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count); - DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count)); -- dump_data(10, setup, setup_count); -+ if ((smb_nt_SetupStart + setup_count < smb_nt_SetupStart) || -+ (smb_nt_SetupStart + setup_count < setup_count)) -+ goto bad_param; -+ if (smb_nt_SetupStart + setup_count > length) -+ goto bad_param; -+ -+ memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count); - } - if(params) { -- memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count); - DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count)); -- dump_data(10, params, parameter_count); -+ if ((parameter_offset + parameter_count < parameter_offset) || -+ (parameter_offset + parameter_count < parameter_count)) -+ goto bad_param; -+ if (smb_base(inbuf) + parameter_offset + parameter_count > inbuf + length) -+ goto bad_param; -+ -+ memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count); - } - if(data) { -- memcpy( data, smb_base(inbuf) + data_offset, data_count); - DEBUG(10,("reply_nttrans: data_count = %d\n",data_count)); -- dump_data(10, data, data_count); -+ if ((data_offset + data_count < data_offset) || 
(data_offset + data_count < data_count)) -+ goto bad_param; -+ if (smb_base(inbuf) + data_offset + data_count > inbuf + length) -+ goto bad_param; -+ -+ memcpy( data, smb_base(inbuf) + data_offset, data_count); -+ - } - - if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) { - /* We need to send an interim response then receive the rest - of the parameter/data bytes */ - outsize = set_message(outbuf,0,0,True); -- send_smb(Client,outbuf); -+ if (!send_smb(Client,outbuf)) -+ exit_server("reply_nttrans: send_smb failed."); - - while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) { - BOOL ret; -- -+ uint32 parameter_displacement; -+ uint32 data_displacement; -+ - ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT); -- -+ - if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) { -- outsize = set_message(outbuf,0,0,True); -- if(ret) { -- DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n")); -- } else { -- DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n", -- (smb_read_error == READ_ERROR) ? "error" : "timeout" )); -+ outsize = set_message(outbuf,0,0,True); -+ if(ret) { -+ DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n")); -+ } else { -+ DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n", -+ (smb_read_error == READ_ERROR) ? 
"error" : "timeout" )); - } -- if(params) -- free(params); -- if(data) -- free(data); -- if(setup) -- free(setup); -- return(ERROR(ERRSRV,ERRerror)); -+ goto bad_param; - } - - /* Revise total_params and total_data in case they have changed downwards */ -- total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount); -- total_data_count = IVAL(inbuf, smb_nts_TotalDataCount); -- num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount)); -- num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount)); -- if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) -- exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n"); -- -- memcpy( ¶ms[ IVAL(inbuf, smb_nts_ParameterDisplacement)], -- smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count); -- memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)], -- smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count); -+ if (IVAL(inbuf, smb_nts_TotalParameterCount) < total_parameter_count) -+ total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount); -+ if (IVAL(inbuf, smb_nts_TotalDataCount) < total_data_count) -+ total_data_count = IVAL(inbuf, smb_nts_TotalDataCount); -+ -+ parameter_count = IVAL(inbuf,smb_nts_ParameterCount); -+ parameter_offset = IVAL(inbuf, smb_nts_ParameterOffset); -+ parameter_displacement = IVAL(inbuf, smb_nts_ParameterDisplacement); -+ num_params_sofar += parameter_count; -+ -+ data_count = IVAL(inbuf, smb_nts_DataCount); -+ data_displacement = IVAL(inbuf, smb_nts_DataDisplacement); -+ data_offset = IVAL(inbuf, smb_nts_DataOffset); -+ num_data_sofar += data_count; -+ -+ if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) { -+ DEBUG(0,("reply_nttrans2: data overflow in secondary nttrans packet")); -+ goto bad_param; -+ } -+ -+ if (parameter_count) { -+ if (parameter_displacement + parameter_count >= total_parameter_count) -+ goto bad_param; -+ if ((parameter_displacement + 
parameter_count < parameter_displacement) || -+ (parameter_displacement + parameter_count < parameter_count)) -+ goto bad_param; -+ if (smb_base(inbuf) + parameter_offset + parameter_count >= inbuf + bufsize) -+ goto bad_param; -+ if (params + parameter_displacement < params) -+ goto bad_param; -+ -+ memcpy( ¶ms[parameter_displacement], smb_base(inbuf) + parameter_offset, parameter_count); -+ } -+ -+ if (data_count) { -+ if (data_displacement + data_count >= total_data_count) -+ goto bad_param; -+ if ((data_displacement + data_count < data_displacement) || -+ (data_displacement + data_count < data_count)) -+ goto bad_param; -+ if (smb_base(inbuf) + data_offset + data_count >= inbuf + bufsize) -+ goto bad_param; -+ if (data + data_displacement < data) -+ goto bad_param; -+ -+ memcpy( &data[data_displacement], smb_base(inbuf)+ data_offset, data_count); -+ } - } - } - -@@ -2714,4 +2765,10 @@ - return outsize; /* If a correct response was needed the call_nt_transact_xxxx - calls have already sent it. If outsize != -1 then it is - returning an error packet. 
*/ -+ bad_param: -+ -+ SAFE_FREE(params); -+ SAFE_FREE(data); -+ SAFE_FREE(setup); -+ return ERROR(ERRDOS,ERRinvalidparam); - } -diff -ruN samba-2.0.10.orig/source/smbd/password.c samba-2.0.10/source/smbd/password.c ---- samba-2.0.10.orig/source/smbd/password.c 2006-03-06 22:25:08.000000000 +0100 -+++ samba-2.0.10/source/smbd/password.c 2006-03-06 22:25:53.000000000 +0100 -@@ -770,7 +770,7 @@ - if (!ok && lp_username(snum)) { - char *auser; - pstring user_list; -- StrnCpy(user_list,lp_username(snum),sizeof(pstring)); -+ StrnCpy(user_list,lp_username(snum),sizeof(pstring)-1); - - pstring_sub(user_list,"%S",lp_servicename(snum)); - -diff -ruN samba-2.0.10.orig/source/smbd/reply.c samba-2.0.10/source/smbd/reply.c ---- samba-2.0.10.orig/source/smbd/reply.c 2006-03-06 22:25:08.000000000 +0100 -+++ samba-2.0.10/source/smbd/reply.c 2006-03-06 22:25:53.000000000 +0100 -@@ -1413,6 +1413,9 @@ - - for (i=numentries;(i<maxentries) && !finished;i++) - { -+ /* check to make sure we have room in the buffer */ -+ if ( ((PTR_DIFF(p, outbuf))+DIR_STRUCT_SIZE) > BUFFER_SIZE ) -+ break; - finished = - !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend); - if (!finished) -@@ -3122,6 +3125,9 @@ - - - for (i=first;i<first+num_to_get;i++) { -+ /* check to make sure we have room in the buffer */ -+ if ( (PTR_DIFF(p, outbuf)+28) > BUFFER_SIZE ) -+ break; - put_dos_date2(p,0,queue[i].time); - CVAL(p,4) = (queue[i].status==LPQ_PRINTING?2:3); - SSVAL(p,5,printjob_encode(SNUM(conn), -diff -ruN samba-2.0.10.orig/source/smbd/trans2.c samba-2.0.10/source/smbd/trans2.c ---- samba-2.0.10.orig/source/smbd/trans2.c 2000-04-24 19:27:31.000000000 +0200 -+++ samba-2.0.10/source/smbd/trans2.c 2006-03-06 22:25:53.000000000 +0100 -@@ -201,7 +201,6 @@ - int16 open_ofun = SVAL(params,12); - int32 open_size = IVAL(params,14); - char *pname = ¶ms[28]; -- int16 namelen = strlen(pname)+1; - - pstring fname; - mode_t unixmode; -@@ -213,7 +212,7 @@ - BOOL bad_path = False; - files_struct *fsp; - 
-- StrnCpy(fname,pname,namelen);
-+ pstrcpy(fname,pname);
-
- DEBUG(3,("trans2open %s mode=%d attr=%d ofun=%d size=%d\n",
- fname,open_mode, open_attr, open_ofun, open_size));
-@@ -2185,7 +2184,7 @@
- unsigned int suwcnt = SVAL(inbuf, smb_suwcnt);
- unsigned int tran_call = SVAL(inbuf, smb_setup0);
- char *params = NULL, *data = NULL;
-- int num_params, num_params_sofar, num_data, num_data_sofar;
-+ unsigned int num_params, num_params_sofar, num_data, num_data_sofar;
-
- if(global_oplock_break && (tran_call == TRANSACT2_OPEN)) {
- /* Queue this open message as we are the process of an
-@@ -2203,8 +2202,9 @@
- /* All trans2 messages we handle have smb_sucnt == 1 - ensure this
- is so as a sanity check */
- if (suwcnt != 1) {
-- DEBUG(2,("Invalid smb_sucnt in trans2 call\n"));
-- return(ERROR(ERRSRV,ERRerror));
-+ DEBUG(2,("Invalid smb_sucnt in trans2 call(%u)\n",suwcnt));
-+ DEBUG(2,("Transaction is %d\n",tran_call));
-+ ERROR(ERRDOS,ERRinvalidparam);
- }
-
- /* Allocate the space for the maximum needed parameters and data */
-@@ -2215,11 +2215,9 @@
-
- if ((total_params && !params) || (total_data && !data)) {
- DEBUG(2,("Out of memory in reply_trans2\n"));
-- if(params)
-- free(params);
-- if(data)
-- free(data);
-- return(ERROR(ERRDOS,ERRnomem));
-+ SAFE_FREE(params);
-+ SAFE_FREE(data);
-+ return ERROR(ERRDOS,ERRnomem);
- }
-
- /* Copy the param and data bytes sent with this request into
-@@ -2230,20 +2228,37 @@
- if (num_params > total_params || num_data > total_data)
- exit_server("invalid params in reply_trans2");
-
-- if(params)
-- memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params);
-- if(data)
-- memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data);
-+ if(params) {
-+ unsigned int psoff = SVAL(inbuf, smb_psoff);
-+ if ((psoff + num_params < psoff) || (psoff + num_params < num_params))
-+ goto bad_param;
-+ if (smb_base(inbuf) + psoff + num_params > inbuf + length)
-+ goto bad_param;
-+ memcpy( params, smb_base(inbuf) + psoff, num_params);
-+ }
-+ if(data) {
-+ unsigned int dsoff = SVAL(inbuf, smb_dsoff);
-+ if ((dsoff + num_data < dsoff) || (dsoff + num_data < num_data))
-+ goto bad_param;
-+ if (smb_base(inbuf) + dsoff + num_data > inbuf + length)
-+ goto bad_param;
-+ memcpy( data, smb_base(inbuf) + dsoff, num_data);
-+ }
-
- if(num_data_sofar < total_data || num_params_sofar < total_params) {
- /* We need to send an interim response then receive the rest
- of the parameter/data bytes */
- outsize = set_message(outbuf,0,0,True);
-- send_smb(Client,outbuf);
-+ if (!send_smb(Client,outbuf))
-+ exit_server("reply_trans2: send_smb failed.");
-
- while (num_data_sofar < total_data ||
- num_params_sofar < total_params) {
- BOOL ret;
-+ unsigned int param_disp;
-+ unsigned int param_off;
-+ unsigned int data_disp;
-+ unsigned int data_off;
-
- ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
-
-@@ -2255,26 +2270,55 @@
- else
- DEBUG(0,("reply_trans2: %s in getting secondary trans2 response.\n",
- (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
-- if(params)
-- free(params);
-- if(data)
-- free(data);
-- return(ERROR(ERRSRV,ERRerror));
-+ goto bad_param;
- }
-
- /* Revise total_params and total_data in case
- they have changed downwards */
-- total_params = SVAL(inbuf, smb_tpscnt);
-- total_data = SVAL(inbuf, smb_tdscnt);
-- num_params_sofar += (num_params = SVAL(inbuf,smb_spscnt));
-- num_data_sofar += ( num_data = SVAL(inbuf, smb_sdscnt));
-+ if (SVAL(inbuf, smb_tpscnt) < total_params)
-+ total_params = SVAL(inbuf, smb_tpscnt);
-+ if (SVAL(inbuf, smb_tdscnt) < total_data)
-+ total_data = SVAL(inbuf, smb_tdscnt);
-+
-+ num_params = SVAL(inbuf,smb_spscnt);
-+ param_off = SVAL(inbuf, smb_spsoff);
-+ param_disp = SVAL(inbuf, smb_spsdisp);
-+ num_params_sofar += num_params;
-+
-+ num_data = SVAL(inbuf, smb_sdscnt);
-+ data_off = SVAL(inbuf, smb_sdsoff);
-+ data_disp = SVAL(inbuf, smb_sdsdisp);
-+ num_data_sofar += num_data;
-+
- if (num_params_sofar > total_params || num_data_sofar > total_data)
-- exit_server("data overflow in trans2");
-+ goto bad_param;
-
-- memcpy( ¶ms[ SVAL(inbuf, smb_spsdisp)],
-- smb_base(inbuf) + SVAL(inbuf, smb_spsoff), num_params);
-- memcpy( &data[SVAL(inbuf, smb_sdsdisp)],
-- smb_base(inbuf)+ SVAL(inbuf, smb_sdsoff), num_data);
-+ if (num_params) {
-+ if (param_disp + num_params >= total_params)
-+ goto bad_param;
-+ if ((param_disp + num_params < param_disp) ||
-+ (param_disp + num_params < num_params))
-+ goto bad_param;
-+ if (smb_base(inbuf) + param_off + num_params >= inbuf + bufsize)
-+ goto bad_param;
-+ if (params + param_disp < params)
-+ goto bad_param;
-+
-+ memcpy( ¶ms[param_disp], smb_base(inbuf) + param_off, num_params);
-+ }
-+ if (num_data) {
-+ if (data_disp + num_data >= total_data)
-+ goto bad_param;
-+ if ((data_disp + num_data < data_disp) ||
-+ (data_disp + num_data < num_data))
-+ goto bad_param;
-+ if (smb_base(inbuf) + data_off + num_data >= inbuf + bufsize)
-+ goto bad_param;
-+ if (data + data_disp < data)
-+ goto bad_param;
-+
-+ memcpy( &data[data_disp], smb_base(inbuf) + data_off, num_data);
-+ }
- }
- }
-
-@@ -2367,4 +2411,10 @@
- return outsize; /* If a correct response was needed the
- call_trans2xxx calls have already sent
- it. If outsize != -1 then it is returning */
-+
-+ bad_param:
-+
-+ SAFE_FREE(params);
-+ SAFE_FREE(data);
-+ return (ERROR(ERRDOS,ERRinvalidparam));
- }
diff --git a/openwrt/package/samba/patches/250-writex.patch b/openwrt/package/samba/patches/250-writex.patch
deleted file mode 100644
index ed0495e92..000000000
--- a/openwrt/package/samba/patches/250-writex.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-diff -ruN samba-2.0.10.orig/source/include/smb.h samba-2.0.10/source/include/smb.h
---- samba-2.0.10.orig/source/include/smb.h 2006-03-06 22:25:53.000000000 +0100
-+++ samba-2.0.10/source/include/smb.h 2006-03-06 22:27:31.000000000 +0100
-@@ -24,8 +24,14 @@
- #ifndef _SMB_H
- #define _SMB_H
-
-+#if defined(LARGE_SMB_OFF_T)
-+#define BUFFER_SIZE (128*1024)
-+#else /* no large readwrite possible */
- #define BUFFER_SIZE (0xFFFF)
-+#endif
-+
- #define SAFETY_MARGIN 1024
-+#define LARGE_WRITEX_HDR_SIZE 65
-
- #define NMB_PORT 137
- #define DGRAM_PORT 138
-diff -ruN samba-2.0.10.orig/source/lib/util_sock.c samba-2.0.10/source/lib/util_sock.c
---- samba-2.0.10.orig/source/lib/util_sock.c 2000-03-16 23:59:18.000000000 +0100
-+++ samba-2.0.10/source/lib/util_sock.c 2006-03-06 22:27:31.000000000 +0100
-@@ -649,19 +649,21 @@
- memset(buffer,'\0',smb_size + 100);
-
- len = read_smb_length_return_keepalive(fd,buffer,timeout);
-- if (len < 0)
-- {
-+ if (len < 0) {
- DEBUG(10,("receive_smb: length < 0!\n"));
- return(False);
- }
-
-- if (len > BUFFER_SIZE) {
-+ /*
-+ * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
-+ * of header. Don't print the error if this fits.... JRA.
-+ */
-+
-+ if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
- DEBUG(0,("Invalid packet length! (%d bytes).\n",len));
- if (len > BUFFER_SIZE + (SAFETY_MARGIN/2))
-- {
- exit(1);
- }
-- }
-
- if(len > 0) {
- ret = read_socket_data(fd,buffer+4,len);
-diff -ruN samba-2.0.10.orig/source/smbd/oplock.c samba-2.0.10/source/smbd/oplock.c
---- samba-2.0.10.orig/source/smbd/oplock.c 2000-04-25 04:32:14.000000000 +0200
-+++ samba-2.0.10/source/smbd/oplock.c 2006-03-06 22:27:31.000000000 +0100
-@@ -887,13 +887,13 @@
- messages crossing on the wire.
- */
-
-- if((inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN))==NULL)
-+ if((inbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL)
- {
- DEBUG(0,("oplock_break: malloc fail for input buffer.\n"));
- return False;
- }
-
-- if((outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN))==NULL)
-+ if((outbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL)
- {
- DEBUG(0,("oplock_break: malloc fail for output buffer.\n"));
- free(inbuf);
-diff -ruN samba-2.0.10.orig/source/smbd/process.c samba-2.0.10/source/smbd/process.c
---- samba-2.0.10.orig/source/smbd/process.c 2006-03-06 22:25:28.000000000 +0100
-+++ samba-2.0.10/source/smbd/process.c 2006-03-06 22:27:31.000000000 +0100
-@@ -995,8 +995,8 @@
- time_t last_timeout_processing_time = time(NULL);
- unsigned int num_smbs = 0;
-
-- InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-- OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-+ InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
-+ OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
- if ((InBuffer == NULL) || (OutBuffer == NULL))
- return;
-
-@@ -1027,7 +1027,7 @@
- /* free up temporary memory */
- lp_talloc_free();
-
-- while(!receive_message_or_smb(InBuffer,BUFFER_SIZE,select_timeout,&got_smb))
-+ while(!receive_message_or_smb(InBuffer,BUFFER_SIZE+LARGE_WRITEX_HDR_SIZE,select_timeout,&got_smb))
- {
- if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
- return;
-diff -ruN samba-2.0.10.orig/source/smbd/reply.c samba-2.0.10/source/smbd/reply.c
---- samba-2.0.10.orig/source/smbd/reply.c 2006-03-06 22:25:53.000000000 +0100
-+++ samba-2.0.10/source/smbd/reply.c 2006-03-06 22:27:31.000000000 +0100
-@@ -2551,17 +2551,28 @@
- size_t numtowrite = SVAL(inbuf,smb_vwv10);
- BOOL write_through = BITSETW(inbuf+smb_vwv7,0);
- ssize_t nwritten = -1;
-- int smb_doff = SVAL(inbuf,smb_vwv11);
-+ unsigned int smb_doff = SVAL(inbuf,smb_vwv11);
-+ unsigned int smblen = smb_len(inbuf);
- char *data;
-+ BOOL large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF));
-
- /* If it's an IPC, pass off the pipe handler. */
-- if (IS_IPC(conn))
-+ if (IS_IPC(conn)) {
- return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize);
-+ }
-
- CHECK_FSP(fsp,conn);
- CHECK_WRITE(fsp);
- CHECK_ERROR(fsp);
-
-+ /* Deal with possible LARGE_WRITEX */
-+ if (large_writeX)
-+ numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16);
-+
-+ if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
-+ return(ERROR(ERRDOS,ERRbadmem));
-+ }
-+
- data = smb_base(inbuf) + smb_doff;
-
- if(CVAL(inbuf,smb_wct) == 14) {
-@@ -2586,8 +2597,9 @@
- #endif /* LARGE_SMB_OFF_T */
- }
-
-- if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
-+ if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
- return(ERROR(ERRDOS,ERRlock));
-+ }
-
- /* X/Open SMB protocol says that, unlike SMBwrite
- if the length is zero then NO truncation is
-@@ -2598,12 +2610,15 @@
- else
- nwritten = write_file(fsp,data,startpos,numtowrite);
-
-- if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0))
-+ if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
- return(UNIXERROR(ERRDOS,ERRnoaccess));
-+ }
-
- set_message(outbuf,6,0,True);
-
- SSVAL(outbuf,smb_vwv2,nwritten);
-+ if (large_writeX)
-+ SSVAL(outbuf,smb_vwv4,(nwritten>>16)&1);
-
- if (nwritten < (ssize_t)numtowrite) {
- CVAL(outbuf,smb_rcls) = ERRHRD;
diff --git a/openwrt/package/samba/patches/300-shared_lib_ldflags_fix.patch b/openwrt/package/samba/patches/300-shared_lib_ldflags_fix.patch
deleted file mode 100644
index 7428facc4..000000000
--- a/openwrt/package/samba/patches/300-shared_lib_ldflags_fix.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- samba-2.0.10/source/Makefile.in.orig 2005-08-20 20:34:44.000000000 +0200
-+++ samba-2.0.10/source/Makefile.in 2005-08-20 20:36:27.000000000 +0200
-@@ -475,11 +475,11 @@
-
- bin/smbwrapper.@SHLIBEXT@: $(PICOBJS)
- @echo Linking shared library $@
-- @$(LD) @LDSHFLAGS@ -o $@ $(PICOBJS) $(LIBS)
-+ @$(LD) @LDSHFLAGS@ -o $@ $(PICOBJS) $(LDFLAGS) $(LIBS)
-
- bin/smbwrapper.32.@SHLIBEXT@: $(PICOBJS32)
- @echo Linking shared library $@
-- @$(LD) -32 @LDSHFLAGS@ -o $@ $(PICOBJS32) $(LIBS)
-+ @$(LD) -32 @LDSHFLAGS@ -o $@ $(PICOBJS32) $(LDFLAGS) $(LIBS)
-
- bin/smbsh: $(SMBSH_OBJ) bin/.dummy
- @echo Linking $@
-@@ -487,7 +487,7 @@
-
- bin/libsmb.@SHLIBEXT@: $(LIBSMB_PICOBJS) bin/.dummy
- @echo Linking shared library $@
-- @$(LD) @LDSHFLAGS@ -o $@ $(LIBSMB_PICOBJS) $(LIBS)
-+ @$(LD) @LDSHFLAGS@ -o $@ $(LIBSMB_PICOBJS) $(LDFLAGS) $(LIBS)
-
- install: installbin installman installscripts installcp installswat
-
diff --git a/openwrt/package/samba/patches/301-config_files_path.patch b/openwrt/package/samba/patches/301-config_files_path.patch
deleted file mode 100644
index 089d9f6ef..000000000
--- a/openwrt/package/samba/patches/301-config_files_path.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -ruN samba-2.0.10-old/source/Makefile.in samba-2.0.10-new/source/Makefile.in
---- samba-2.0.10-old/source/Makefile.in 2005-08-22 03:03:17.000000000 +0200
-+++ samba-2.0.10-new/source/Makefile.in 2005-08-22 03:08:23.000000000 +0200
-@@ -31,6 +31,8 @@
- MANDIR = @mandir@
- SAMBABOOK = @sambabook@
-
-+CONFIGDIR = @sysconfdir@
-+
- # The permissions to give the executables
- INSTALLPERMS = 0755
-
-@@ -39,9 +41,9 @@
- # or in smb.conf (see smb.conf(5))
- SMBLOGFILE = $(VARDIR)/smb
- NMBLOGFILE = $(VARDIR)/nmb
--CONFIGFILE = $(LIBDIR)/smb.conf
--LMHOSTSFILE = $(LIBDIR)/lmhosts
--DRIVERFILE = $(LIBDIR)/printers.def
-+CONFIGFILE = $(CONFIGDIR)/smb.conf
-+LMHOSTSFILE = $(CONFIGDIR)/lmhosts
-+DRIVERFILE = $(CONFIGDIR)/printers.def
- PASSWD_PROGRAM = /bin/passwd
- # This is where smbpasswd et al go
- PRIVATEDIR = @privatedir@ |