diff options
author | Jeremy Allison <jra@samba.org> | 2019-08-06 12:08:09 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-10-24 11:45:18 +0200 |
commit | 284c98515b9963838792e8452d16294e86c899af (patch) | |
tree | ba9694dde68cefbcff4243f1467b6fffe5bc3e7a | |
parent | 13bc9d7365751f12eb2f752eefe95fb610c65f30 (diff) | |
download | samba-284c98515b9963838792e8452d16294e86c899af.tar.gz |
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071
Signed-off-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source3/libsmb/cli_smb2_fnum.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c index 3a64438a5b9..7b6c7e87cd4 100644 --- a/source3/libsmb/cli_smb2_fnum.c +++ b/source3/libsmb/cli_smb2_fnum.c @@ -1026,6 +1026,13 @@ NTSTATUS cli_smb2_list(struct cli_state *cli, goto fail; } + /* Protect against server attack. */ + status = is_bad_finfo_name(cli, finfo); + if (!NT_STATUS_IS_OK(status)) { + smbXcli_conn_disconnect(cli->conn, status); + goto fail; + } + if (dir_check_ftype((uint32_t)finfo->mode, (uint32_t)attribute)) { /* |