Diffstat (limited to 'net-fs/samba/files')
-rw-r--r--net-fs/samba/files/3.0.26a-CVE-2007-5398.patch36
-rw-r--r--net-fs/samba/files/digest-samba-3.0.26a-r23
2 files changed, 39 insertions, 0 deletions
diff --git a/net-fs/samba/files/3.0.26a-CVE-2007-5398.patch b/net-fs/samba/files/3.0.26a-CVE-2007-5398.patch
new file mode 100644
index 000000000000..e27c73e596f9
--- /dev/null
+++ b/net-fs/samba/files/3.0.26a-CVE-2007-5398.patch
@@ -0,0 +1,36 @@
+commit 089a51061b1be809f278ab4e9a741d0a44e52750
+Author: Gerald (Jerry) Carter <jerry@samba.org>
+Date: Wed Nov 14 20:51:14 2007 -0600
+
+ Fix for CVE-2007-5398.
+
+ == Subject: Remote code execution in Samba's WINS
+ == server daemon (nmbd) when processing name
+ == registration followed name query requests.
+ ==
+ == CVE ID#: CVE-2007-5398
+ ==
+ == Versions: Samba 3.0.0 - 3.0.26a (inclusive)
+ ...
+ Secunia Research reported a vulnerability that allows for
+ the execution of arbitrary code in nmbd. This defect may
+ only be exploited when the "wins support" parameter has
+ been enabled in smb.conf.
+
+diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c
+index 87a38b9..bbcc1ec 100644
+--- a/source/nmbd/nmbd_packets.c
++++ b/source/nmbd/nmbd_packets.c
+@@ -963,6 +963,12 @@ for id %hu\n", packet_type, nmb_namestr(&orig_nmb->question.question_name),
+ nmb->answers->ttl = ttl;
+
+ if (data && len) {
++ if (len < 0 || len > sizeof(nmb->answers->rdata)) {
++ DEBUG(5,("reply_netbios_packet: "
++ "invalid packet len (%d)\n",
++ len ));
++ return;
++ }
+ nmb->answers->rdlength = len;
+ memcpy(nmb->answers->rdata, data, len);
+ }
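Review bot: The rejection path in the added length check logs only at `DEBUG(5,(...))`, so at ordinary log levels nothing records that nmbd dropped a reply whose rdata length was out of range. Since the commit message describes this as a remotely reachable overflow when "wins support" is enabled, a lower level such as `DEBUG(1,("reply_netbios_packet: "` would give operators a usable signal, with the trade-off that a peer able to trigger it repeatedly can add log volume. A one-line comment above the check, for example `/* rdata is a fixed-size buffer; refuse lengths that would overrun the memcpy below (CVE-2007-5398) */`, would keep the reason visible once the patch header is gone. The body of reply_netbios_packet starts and ends outside this hunk, so whether the early `return` skips any cleanup cannot be confirmed from here.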
diff --git a/net-fs/samba/files/digest-samba-3.0.26a-r2 b/net-fs/samba/files/digest-samba-3.0.26a-r2
new file mode 100644
index 000000000000..7056d3102e2e
--- /dev/null
+++ b/net-fs/samba/files/digest-samba-3.0.26a-r2
@@ -0,0 +1,3 @@
+MD5 16b47e6add332e5ac4523fc88c381d06 samba-3.0.26a.tar.gz 18180031
+RMD160 9a62ba3ea2747b500ddea56729499524ae4329d2 samba-3.0.26a.tar.gz 18180031
+SHA256 41e11f69288b2291f12f8db093e2c55dc1360555d4542c83c0758c4c7a3d4d37 samba-3.0.26a.tar.gz 18180031