aboutsummaryrefslogtreecommitdiffstats
path: root/net/samba420/files/Oct25CVEs.patch
diff options
context:
space:
mode:
authorLexi Winter <ivy@FreeBSD.org>2025-12-01 03:19:41 +0000
committerLexi Winter <ivy@FreeBSD.org>2025-12-01 03:19:41 +0000
commit2e80774d0b20d167bc0a9e2b63dafbfb171c0d22 (patch)
tree25f0138e1af8902b92dacc8cce09b267447c17db /net/samba420/files/Oct25CVEs.patch
parentf85f2b2d6e5b7ed869376eb4b180c3a74a5c5da9 (diff)
parent1a30da80670973368b399f2b01fe9c04b91a1273 (diff)
Merge remote-tracking branch 'freebsd/main' into lf/mainlf/main
Diffstat (limited to 'net/samba420/files/Oct25CVEs.patch')
-rw-r--r--net/samba420/files/Oct25CVEs.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/net/samba420/files/Oct25CVEs.patch b/net/samba420/files/Oct25CVEs.patch
new file mode 100644
index 000000000000..3f84f60d699f
--- /dev/null
+++ b/net/samba420/files/Oct25CVEs.patch
@@ -0,0 +1,49 @@
+diff -Naurp a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
+index 03ff6147cb0..4fb4f42baa0 100644
+--- a/source3/modules/vfs_streams_xattr.c
++++ b/source3/modules/vfs_streams_xattr.c
+@@ -959,14 +959,17 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
+
+ if ((offset + n) > ea.value.length - config->xattr_compat_bytes) {
+ uint8_t *tmp;
++ size_t new_sz = offset + n + config->xattr_compat_bytes;
+
+ tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
+- offset + n + config->xattr_compat_bytes);
++ new_sz);
+
+ if (tmp == NULL) {
+ TALLOC_FREE(ea.value.data);
+ errno = ENOMEM;
+ return -1;
+ }
++
++ memset(tmp + ea.value.length, 0, new_sz - ea.value.length);
+ ea.value.data = tmp;
+- ea.value.length = offset + n + config->xattr_compat_bytes;
++ ea.value.length = new_sz;
+ if (config->xattr_compat_bytes) {
+
+diff -Naurp a/source4/nbt_server/wins/wins_hook.c b/source4/nbt_server/wins/wins_hook.c
+index 1af471b15bc..442141fecdd 100644
+--- a/source4/nbt_server/wins/wins_hook.c
++++ b/source4/nbt_server/wins/wins_hook.c
+@@ -43,9 +43,18 @@ void wins_hook(struct winsdb_handle *h, const struct winsdb_record *rec,
+ int child;
+ char *cmd = NULL;
+ TALLOC_CTX *tmp_mem = NULL;
++ const char *p = NULL;
+
+ if (!wins_hook_script || !wins_hook_script[0]) return;
+
++ for (p = rec->name->name; *p; p++) {
++ if (!(isalnum((int)*p) || strchr_m("._-", *p))) {
++ DBG_ERR("not calling wins hook for invalid name %s\n",
++ rec->name->name);
++ return;
++ }
++ }
++
+ tmp_mem = talloc_new(h);
+ if (!tmp_mem) goto failed;
+