
Contents of /updates/1/samba/current/SOURCES/samba-3.5.8-CVE-2013-0213-CVE-2013-0214.patch



Revision 394726 - (show annotations) (download)
Tue Feb 5 20:00:03 2013 UTC (11 years, 2 months ago) by luigiwalser
File size: 3540 byte(s)
add upstream patch to fix CVE-2013-021[34]
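--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -45,6 +45,7 @@
 static char *pathinfo;
 static char *C_user;
 static char *C_pass;
+static char *C_nonce;
 static bool inetd_server;
 static bool got_request;
 
@@ -326,19 +327,7 @@
 C_user = SMB_STRDUP(user);
 
 if (!setuid(0)) {
-C_pass = secrets_fetch_generic("root", "SWAT");
-if (C_pass == NULL) {
-char *tmp_pass = NULL;
-tmp_pass = generate_random_str(talloc_tos(), 16);
-if (tmp_pass == NULL) {
-printf("%sFailed to create random nonce for "
-"SWAT session\n<br>%s\n", head, tail);
-exit(0);
-}
-secrets_store_generic("root", "SWAT", tmp_pass);
-C_pass = SMB_STRDUP(tmp_pass);
-TALLOC_FREE(tmp_pass);
-}
+C_pass = SMB_STRDUP(cgi_nonce());
 }
 setuid(pwd->pw_uid);
 if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
@@ -451,6 +440,30 @@
 }
 
 /***************************************************************************
+return a ptr to the nonce
+ ***************************************************************************/
+char *cgi_nonce(void)
+{
+const char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
+const char *tail = "</BODY></HTML>\r\n";
+C_nonce = secrets_fetch_generic("root", "SWAT");
+if (C_nonce == NULL) {
+char *tmp_pass = NULL;
+tmp_pass = generate_random_str(talloc_tos(), 16);
+if (tmp_pass == NULL) {
+printf("%sFailed to create random nonce for "
+"SWAT session\n<br>%s\n", head, tail);
+exit(0);
+}
+secrets_store_generic("root", "SWAT", tmp_pass);
+C_nonce = SMB_STRDUP(tmp_pass);
+TALLOC_FREE(tmp_pass);
+}
+return(C_nonce);
+}
+
+
+/***************************************************************************
 handle a file download
 ***************************************************************************/
 static void cgi_download(char *file)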
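Review bot: `cgi_nonce()` overwrites the file-static `C_nonce` on every call without freeing the buffer it held, and the patch calls it more than once per process (from `cgi_setup` in the second hunk and from the token routine in swat.c), so each call re-reads the secrets store and leaks the previous value; a guard at the top, `if (C_nonce != NULL) return C_nonce;`, makes the function idempotent and keeps every caller on the same nonce. The result of `secrets_store_generic()` is ignored: if the store fails, this process carries on with a freshly generated nonce that no later SWAT process can read back, so the tokens it issues will presumably not validate on the next request — checking it and taking the same error path as the generation failure would fail loudly instead. The `head`/`tail` literals are duplicated from whatever the removed code in `cgi_setup` used (those definitions lie outside the hunk); a single file-static pair would keep the two error pages identical. The enclosing function of the second hunk starts and ends outside it.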
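--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -148,6 +148,7 @@
 struct MD5Context md5_ctx;
 uint8_t token[16];
 int i;
+char *nonce = cgi_nonce();
 
 token_str[0] = '\0';
 ZERO_STRUCT(md5_ctx);
@@ -161,6 +162,7 @@
 if (pass != NULL) {
 MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
 }
+MD5Update(&md5_ctx, (uint8_t *)nonce, strlen(nonce));
 
 MD5Final(token, &md5_ctx);
 
@@ -260,7 +262,8 @@
 if (!cgi_waspost()) {
 printf("Expires: 0\r\n");
 }
-printf("Content-type: text/html\r\n\r\n");
+printf("Content-type: text/html\r\n");
+printf("X-Frame-Options: DENY\r\n\r\n");
 
 if (!include_html("include/header.html")) {
 printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n");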
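Review bot: `X-Frame-Options: DENY` is only emitted on the one header path in the third hunk, so any response that writes its own `Content-Type` line still goes out without it — the installation-error page that `cgi_nonce()` in cgi.c prints before `exit(0)` is one such path visible in this patch, and cgi_download may be another. A small shared helper that prints the content type and the frame header together would keep every response path covered rather than relying on each call site. In the second hunk, the nonce is hashed straight after `pass` with no comment on why; something like `/* secret per-installation nonce: the token cannot be recomputed without it */` would record the purpose for the next reader. The enclosing functions of all three hunks start outside them.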
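--- a/source3/web/swat_proto.h
+++ b/source3/web/swat_proto.h
@@ -32,6 +32,7 @@
 bool am_root(void);
 char *cgi_user_name(void);
 char *cgi_user_pass(void);
+char *cgi_nonce(void);
 void cgi_setup(const char *rootdir, int auth_required);
 const char *cgi_baseurl(void);
 const char *cgi_pathinfo(void);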
