From f915c311274925a7d38c8661ddfa243d82739cd9 Mon Sep 17 00:00:00 2001 From: Kalle Olavi Niemitalo Date: Sat, 18 Nov 2006 20:39:01 +0200 Subject: [PATCH] Bug 841, CVE-2006-5925: Prevent enabling the SMB protocol. src/protocol/smb/smb.c: Added #error directives so that this vulnerable code cannot be accidentally compiled in. features.conf: Disable CONFIG_SMB by default and explain why. configure.in: If CONFIG_SMB is enabled, disable it and warn the user. This is for people who have customized features.conf. --- configure.in | 8 +++++++- features.conf | 10 ++++++++-- src/protocol/smb/smb.c | 3 +++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index 1748e1dc..f3b2f5da 100644 --- a/configure.in +++ b/configure.in @@ -1246,7 +1246,13 @@ EL_ARG_ENABLE(CONFIG_NNTP, nntp, [NNTP protocol], [ --enable-nntp enable nntp protocol support]) EL_ARG_DEPEND(CONFIG_SMB, smb, [HAVE_SMBCLIENT:yes], [SMB protocol], - [ --disable-smb disable SMB protocol support (requires smbclient)]) + [ --enable-smb not currently allowed]) +dnl [ --disable-smb disable SMB protocol support (requires smbclient)]) +if test "$CONFIG_SMB" != no; then + AC_MSG_WARN([Ignoring --enable-smb because of vulnerability CVE-2006-5925. +If you want to use SMB, please vote for bug 844 or post a patch.]) + CONFIG_SMB=no +fi EL_ARG_ENABLE(CONFIG_MOUSE, mouse, [Mouse handling], diff --git a/features.conf b/features.conf index 067be180..0a756f74 100644 --- a/features.conf +++ b/features.conf @@ -373,9 +373,15 @@ CONFIG_NNTP=no # will need to install Samba (or at least just the smbclient part, if you can # install it separately). # -# Default: enabled if smbclient will be found +# Unfortunately, ELinks doesn't yet properly validate the file name passed to +# smbclient, and this caused vulnerability CVE-2006-5925 (bug 841). To close +# the vulnerability, configure.in now disables the SMB protocol regardless +# of what you specify here. If you would like to fix the code so that the +# protocol can be safely enabled again, please see bug 844. +# +# Default: disabled -CONFIG_SMB=yes +CONFIG_SMB=no ### Cascading Style Sheets diff --git a/src/protocol/smb/smb.c b/src/protocol/smb/smb.c index d8b4a93e..e183baed 100644 --- a/src/protocol/smb/smb.c +++ b/src/protocol/smb/smb.c @@ -4,6 +4,9 @@ #define _GNU_SOURCE /* Needed for asprintf() */ #endif +#error SMB protocol support is vulnerable to CVE-2006-5925. Do not use. +#error If you want to use SMB, please vote for bug 844 or post a patch. + #ifdef HAVE_CONFIG_H #include "config.h" #endif -- 2.11.4.GIT