summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2019-08-06 12:08:09 -0700
committerKarolin Seeger <kseeger@samba.org>2019-10-24 11:45:18 +0200
commit284c98515b9963838792e8452d16294e86c899af (patch)
treeba9694dde68cefbcff4243f1467b6fffe5bc3e7a
parent13bc9d7365751f12eb2f752eefe95fb610c65f30 (diff)
downloadsamba-284c98515b9963838792e8452d16294e86c899af.tar.gz
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071 Signed-off-by: Jeremy Allison <jra@samba.org>
Diffstat
-rw-r--r--source3/libsmb/cli_smb2_fnum.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 3a64438a5b9..7b6c7e87cd4 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -1026,6 +1026,13 @@ NTSTATUS cli_smb2_list(struct cli_state *cli,
goto fail;
}
+ /* Protect against server attack. */
+ status = is_bad_finfo_name(cli, finfo);
+ if (!NT_STATUS_IS_OK(status)) {
+ smbXcli_conn_disconnect(cli->conn, status);
+ goto fail;
+ }
+
if (dir_check_ftype((uint32_t)finfo->mode,
(uint32_t)attribute)) {
/*
View Lorry Controller Status