[debian-edu-commits] debian-edu/pkg-team/ 01/08: debian/patches: Add 0006_code-injection-in-samba-hash-generation.patch, 0007_update-sambaHashHook-description.patch. Fix potential code injection issue in Samba hash generation.

Mike Gabriel sunweaver at debian.org
Mon Jan 4 23:05:12 UTC 2016 

This is an automated email from the git hooks/post-receive script.

sunweaver pushed a commit to branch master
in repository gosa.

commit 475a7a3efb9eac49d124298195bfa36ffe173df2
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Mon Jan 4 22:56:15 2016 +0100

    debian/patches: Add 0006_code-injection-in-samba-hash-generation.patch, 0007_update-sambaHashHook-description.patch. Fix potential code injection issue in Samba hash generation.
---
 ...6_code-injection-in-samba-hash-generation.patch | 46 ++++++++++++++++++++++
 .../0007_update-sambaHashHook-description.patch    | 33 ++++++++++++++++
 debian/patches/series                              |  2 +
 3 files changed, 81 insertions(+)

diff --git a/debian/patches/0006_code-injection-in-samba-hash-generation.patch b/debian/patches/0006_code-injection-in-samba-hash-generation.patch
new file mode 100644
index 0000000..edef03a
--- /dev/null
+++ b/debian/patches/0006_code-injection-in-samba-hash-generation.patch
@@ -0,0 +1,46 @@
+From a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8 Mon Sep 17 00:00:00 2001
+From: bzapiec <bzapiec at 594d385d-05f5-0310-b6e9-bd551577e9d8>
+Date: Fri, 30 Oct 2015 10:07:20 +0000
+Subject: [PATCH] (See #1221) udpate samba hash generation due to a possible
+ code injection
+
+command line parameter will be passed base64 encoded to avoid
+complex escaping sequences that may alter the initial passphrase
+
+
+
+git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@21280 594d385d-05f5-0310-b6e9-bd551577e9d8
+---
+ include/class_core.inc | 2 +-
+ include/functions.inc  | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/gosa-core/include/class_core.inc b/gosa-core/include/class_core.inc
+index 510bc5e..d3acf5b 100644
+--- a/gosa-core/include/class_core.inc
++++ b/gosa-core/include/class_core.inc
+@@ -582,7 +582,7 @@ DEBUG_SI      = 256"),
+                         array(
+                                 "name"          => "sambaHashHook",
+                                 "type"          => "command",
+-                                "default"       => "perl -MCrypt::SmbHash -e \"print join(q[:], ntlmgen %password), $/;\"",
++                                "default"       => "perl -MCrypt::SmbHash -e \"use MIME::Base64; print join(q[:], ntlmgen decode_base64('%password')), $/;\"",
+                                 "description"   => _("Command to create Samba NT/LM hashes. Required for password synchronization if you don't use supplementary services."),
+                                 "check"         => "gosaProperty::isCommand",
+                                 "migrate"       => "",
+diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
+index 7f84043..0385edf 100644
+--- a/gosa-core/include/functions.inc
++++ b/gosa-core/include/functions.inc
+@@ -3101,8 +3101,8 @@ function generate_smb_nt_hash($password)
+       $password = addcslashes($password, '$'); 
+       $password = addcslashes($password, '$'); // <- And again once, to be able to use it as parameter for the perl script.
+ 	  $tmp = $config->get_cfg_value("core",'sambaHashHook');
+-      $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
+-      $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
++      $tmp = preg_replace("/%userPassword/", base64_encode($password), $tmp);
++      $tmp = preg_replace("/%password/", base64_encode($password), $tmp);
+ 	  @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
+ 
+  	  exec($tmp, $ar);
+
diff --git a/debian/patches/0007_update-sambaHashHook-description.patch b/debian/patches/0007_update-sambaHashHook-description.patch
new file mode 100644
index 0000000..1681d97
--- /dev/null
+++ b/debian/patches/0007_update-sambaHashHook-description.patch
@@ -0,0 +1,33 @@
+
+m bc9c87ceec58566274402ef032e5c22d2f4e6d91 Mon Sep 17 00:00:00 2001
+From: bzapiec <bzapiec at 594d385d-05f5-0310-b6e9-bd551577e9d8>
+Date: Fri, 30 Oct 2015 10:09:48 +0000
+Subject: [PATCH] (See #1221)
+
+update sambaHashHook description
+
+
+
+git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@21281 594d385d-05f5-0310-b6e9-bd551577e9d8
+---
+ contrib/gosa.conf.5 | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gosa-core/contrib/gosa.conf.5 b/gosa-core/contrib/gosa.conf.5
+index 655b7f8..fa07e5b 100644
+--- a/gosa-core/contrib/gosa.conf.5
++++ b/gosa-core/contrib/gosa.conf.5
+@@ -1073,10 +1073,10 @@ The
+ statement contains an executable to generate samba hash values. This is required
+ for password synchronization, but not required if you apply gosa-si services.
+ If you don't have mkntpasswd from the samba distribution installed, you can use
+-perl to generate the hash:
++perl to generate the hash. Keep in mind to pass the value base64 encoded to perl:
+ 
+ .nf
+-perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \\$ARGV[0]), $/;"
++perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen decode_base64('\\$ARGV[0]')), $/;"
+ .if
+ .PP
+ 
+
diff --git a/debian/patches/series b/debian/patches/series
index b202eac..b867acc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,6 +3,8 @@
 0003_xss-vulnerability-on-login-screen.patch
 0004_fix-get-post.patch
 0005_fix-password-expiry-status.patch
+0006_code-injection-in-samba-hash-generation.patch
+0007_update-sambaHashHook-description.patch
 1001_fix-mass-ldapimport.patch
 1002_trim-decrypt.patch
 1003_RequestHeader-no-underscores-apache24.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/gosa.git

More information about the debian-edu-commits mailing list