
samba-3.5.10-1.4.src.rpm


www.samba.org/samba/ftp/patches/security/samba-3.5.20-CVE-2013-0213-CVE-2013-0214.patch

diff -Naurp samba-3.5.10/source3/web/cgi.c samba-3.5.10.oden/source3/web/cgi.c
--- samba-3.5.10/source3/web/cgi.c	2011-07-24 20:04:44.000000000 +0000
+++ samba-3.5.10.oden/source3/web/cgi.c	2013-02-11 09:07:46.000000000 +0000
@@ -45,6 +45,7 @@ static const char *baseurl;
 static char *pathinfo;
 static char *C_user;
 static char *C_pass;
+static char *C_nonce;
 static bool inetd_server;
 static bool got_request;
 
@@ -326,19 +327,7 @@ static void cgi_web_auth(void)
 	C_user = SMB_STRDUP(user);
 
 	if (!setuid(0)) {
-		C_pass = secrets_fetch_generic("root", "SWAT");
-		if (C_pass == NULL) {
-			char *tmp_pass = NULL;
-			tmp_pass = generate_random_str(talloc_tos(), 16);
-			if (tmp_pass == NULL) {
-				printf("%sFailed to create random nonce for "
-				       "SWAT session\n<br>%s\n", head, tail);
-				exit(0);
-			}
-			secrets_store_generic("root", "SWAT", tmp_pass);
-			C_pass = SMB_STRDUP(tmp_pass);
-			TALLOC_FREE(tmp_pass);
-		}
+		C_pass = SMB_STRDUP(cgi_nonce());
 	}
 	setuid(pwd->pw_uid);
 	if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
@@ -451,6 +440,30 @@ char *cgi_user_pass(void)
 }
 
 /***************************************************************************
+return a ptr to the nonce
+  ***************************************************************************/
+char *cgi_nonce(void)
+{
+	const char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
+	const char *tail = "</BODY></HTML>\r\n";
+	C_nonce = secrets_fetch_generic("root", "SWAT");
+	if (C_nonce == NULL) {
+		char *tmp_pass = NULL;
+		tmp_pass = generate_random_str(talloc_tos(), 16);
+		if (tmp_pass == NULL) {
+			printf("%sFailed to create random nonce for "
+			       "SWAT session\n<br>%s\n", head, tail);
+			exit(0);
+		}
+		secrets_store_generic("root", "SWAT", tmp_pass);
+		C_nonce = SMB_STRDUP(tmp_pass);
+		TALLOC_FREE(tmp_pass);
+	}
+	return(C_nonce);
+}
+
+
+/***************************************************************************
 handle a file download
   ***************************************************************************/
 static void cgi_download(char *file)
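Review bot: cgi_nonce() re-fetches and overwrites C_nonce on every call, and it is now reached from both cgi_web_auth() and get_xsrf_token(), so each call after the first leaks the previous secrets_fetch_generic()/SMB_STRDUP() result and may hand out a different pointer than the one C_pass was copied from. A guard at the top, `if (C_nonce != NULL) { return C_nonce; }`, makes the function idempotent within the process and keeps a single string behind both uses. The failure path prints its own Content-Type header and exits; that is fine during authentication, but if it is hit from get_xsrf_token() after print_header() has already written headers the second header block lands in the page body — worth a comment such as `/* assumes no HTTP headers have been sent yet; emits its own Content-Type */`. The SMB_STRDUP() result is also returned unchecked, so an allocation failure returns NULL to callers that call strlen() on it. Since callers only read the value, `const char *cgi_nonce(void)` would document that, with the matching change in swat_proto.h.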
diff -Naurp samba-3.5.10/source3/web/swat.c samba-3.5.10.oden/source3/web/swat.c
--- samba-3.5.10/source3/web/swat.c	2011-07-24 20:04:44.000000000 +0000
+++ samba-3.5.10.oden/source3/web/swat.c	2013-02-11 09:07:46.000000000 +0000
@@ -148,6 +148,7 @@ void get_xsrf_token(const char *username
 	struct MD5Context md5_ctx;
 	uint8_t token[16];
 	int i;
+	char *nonce = cgi_nonce();
 
 	token_str[0] = '\0';
 	ZERO_STRUCT(md5_ctx);
@@ -161,6 +162,7 @@ void get_xsrf_token(const char *username
 	if (pass != NULL) {
 		MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
 	}
+	MD5Update(&md5_ctx, (uint8_t *)nonce, strlen(nonce));
 
 	MD5Final(token, &md5_ctx);
 
@@ -247,7 +249,8 @@ static void print_header(void)
 	if (!cgi_waspost()) {
 		printf("Expires: 0\r\n");
 	}
-	printf("Content-type: text/html\r\n\r\n");
+	printf("Content-type: text/html\r\n");
+	printf("X-Frame-Options: DENY\r\n\r\n");
 
 	if (!include_html("include/header.html")) {
 		printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n");
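Review bot: X-Frame-Options is emitted only from print_header(); the `head` string in cgi_nonce() (cgi.c hunk above) sends its own Content-Type header without it, and any other path that writes headers itself — cgi_download() and the remaining error pages are outside this view — will serve pages that can still be framed. Routing those through print_header(), or adding the same line where headers are written, closes the gap; `Content-Security-Policy: frame-ancestors 'none'` can be sent alongside for clients that honour it. The two calls could also be one: `printf("Content-type: text/html\r\nX-Frame-Options: DENY\r\n\r\n");`. print_header continues outside the hunk.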
diff -Naurp samba-3.5.10/source3/web/swat_proto.h samba-3.5.10.oden/source3/web/swat_proto.h
--- samba-3.5.10/source3/web/swat_proto.h	2011-07-24 20:04:44.000000000 +0000
+++ samba-3.5.10.oden/source3/web/swat_proto.h	2013-02-11 09:07:46.000000000 +0000
@@ -32,6 +32,7 @@ const char *cgi_variable_nonull(const ch
 bool am_root(void);
 char *cgi_user_name(void);
 char *cgi_user_pass(void);
+char *cgi_nonce(void);
 void cgi_setup(const char *rootdir, int auth_required);
 const char *cgi_baseurl(void);
 const char *cgi_pathinfo(void);