Common bugs fixed in 3.0.7 include:
+ o Fixes for two Denial of Service vulnerabalities
+ (CVE ID# CAN-2004-0807 & CAN-2004-0808).
o Winbind failure to return user entries under certain
conditions.
o Syntax errors in the OpenLDAP schema file (samba.schema).
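Review bot: "vulnerabalities" in the first added line is misspelled and should read "vulnerabilities". Since this entry is what administrators will search for, it would also help to say which daemon each identifier applies to, as the later changelog entries do (nmbd for CAN-2004-0808, SPNEGO/ASN.1 parsing for CAN-2004-0807).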
* More paranoia checks in the hash2 mangling code.
* Fix syntax error in configure.in.
* Match Win2k3's behavior for pathname parsing error returns.
+ * Make nmbd more robust against bad netbios packets
+ (CAN-2004-0808).
+ * Add more checks for invalid ASN.1 packets for SPNEGO packets
+ (CAN-2004-0807).
o Andrew Bartlett <abartlet@samba.org>
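Review bot: the second added entry reads "invalid ASN.1 packets for SPNEGO packets", which repeats "packets" and blurs what is being checked. Something like "Add more checks for invalid ASN.1 data in SPNEGO packets (CAN-2004-0807)" says the same thing more clearly.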
/* read from a ASN1 buffer, advancing the buffer pointer */
BOOL asn1_read(ASN1_DATA *data, void *p, int len)
{
+ if (data->has_error)
+ return False;
+
if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len) {
data->has_error = True;
return False;
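Review bot: the new has_error early return at the top of asn1_read leaves the caller's buffer p unwritten, as the existing length check below it already does, so a caller that ignores the BOOL result goes on to use whatever was in p before the call. The function comment still only says "advancing the buffer pointer"; it should state that p is valid only when True is returned and that every read fails once has_error is set, so the sticky-error behaviour is part of the documented contract.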
/* work out how many bytes are left in this nested tag */
int asn1_tag_remaining(ASN1_DATA *data)
{
+ if (data->has_error)
+ return 0;
+
if (!data->nesting) {
data->has_error = True;
return -1;
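Review bot: the added guard in asn1_tag_remaining returns 0 when has_error is set, while the existing "!data->nesting" path directly below reports an error with -1. A return of 0 is indistinguishable from "this tag has been fully consumed", so a caller that tests the result against 0 to decide the tag ended cleanly would accept a buffer that is already in the error state. Either return -1 here as well, or document in the function comment that 0 can also mean has_error is set and that callers must check has_error after their loop.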