From 0e239c615eac4d8368b983180325876d70eb2dde Mon Sep 17 00:00:00 2001
From: eaglegai
Date: Mon, 25 Oct 2021 20:03:47 +0800
Subject: [PATCH] fix CVE-2021-3671
Signed-off-by: liaichun
---
 backport-CVE-2021-3671.patch | 39 ++++++++++++++++++++++++++++++++++++
 samba.spec | 9 ++++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-3671.patch
diff --git a/backport-CVE-2021-3671.patch b/backport-CVE-2021-3671.patch
new file mode 100644
index 0000000..1e53b4b
--- /dev/null
+++ b/backport-CVE-2021-3671.patch
@@ -0,0 +1,39 @@
+From 0cb4b939f192376bf5e33637863a91a20f74c5a5 Mon Sep 17 00:00:00 2001
+From: Luke Howard
+Date: Fri, 27 Aug 2021 11:42:48 +1000
+Subject: [PATCH] CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
+
+In tgs_build_reply(), validate the server name in the TGS-REQ is present before
+dereferencing.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
+
+[abartlet@samba.org backported from from Heimdal
+commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
+to an earlier patch by Joseph Sutton]
+
+RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
+
+Reviewed-by: Andreas Schneider
+---
+ source4/heimdal/kdc/krb5tgs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
+index b76726cdd64..d143eb739eb 100644
+--- a/source4/heimdal/kdc/krb5tgs.c
++++ b/source4/heimdal/kdc/krb5tgs.c
+@@ -1603,6 +1603,10 @@ tgs_build_reply(krb5_context context,
+
+ s = &adtkt.cname;
+ r = adtkt.crealm;
++ } else if (s == NULL) {
++ ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
++ krb5_set_error_message(context, ret, "No server in request");
++ goto out;
+ }
+
+ _krb5_principalname2krb5_principal(context, &sp, *s, r);
+--
+GitLab
+
diff --git a/samba.spec b/samba.spec
index d0689dc..1eaa475 100644
--- a/samba.spec
+++ b/samba.spec
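Review bot: The new `else if (s == NULL)` branch in the krb5tgs.c hunk rejects the request silently: it sets the error message and jumps to `out`, but nothing visible in the hunk writes to the KDC log. The patch description says this path is reachable without authentication, so operators would want each rejection recorded in order to spot repeated malformed TGS-REQs against the DC. Consider adding a line before the `goto out`, such as `kdc_log(context, config, 0, "TGS-REQ without server name");`, assuming `config` is in scope in tgs_build_reply. The function starts and ends outside the hunk, so please also confirm against the full source that the `out:` cleanup is safe when `sp` has not been assigned yet.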
@@ -49,7 +49,7 @@ Name: samba Version: 4.12.5 -Release: 3 +Release: 4 Summary: A suite for Linux to interoperate with Windows License: GPLv3+ and LGPLv3+ @@ -71,6 +71,7 @@ Patch1: 0001-CVE-2020-14383.patch Patch2: 0002-CVE-2020-14383.patch Patch3: CVE-2020-14318.patch Patch4: CVE-2020-14323.patch +Patch5: backport-CVE-2021-3671.patch BuildRequires: avahi-devel bison cups-devel dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel BuildRequires: jansson-devel krb5-devel >= %{required_mit_krb5} libacl-devel libaio-devel libarchive-devel libattr-devel @@ -3091,6 +3092,12 @@ fi %endif %changelog +* Thu Oct 27 2021 Aichun Li - 4.12.5-4 +- Type:cves +- Id:CVE-2021-3671 +- SUG:NA +- DESC:fix CVE-2021-3671 + * Sat Mar 27 2021 chxssg - 4.12.5-3 - Type:cves - Id:CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 -- Gitee