diff options
author | Jeremy Allison <jra@samba.org> | 2016-01-05 11:18:12 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2016-02-24 11:39:59 +0100 |
commit | 76f6cf5bbfc1eececa3c76f492372fd66f5fa7ed (patch) | |
tree | 1c0f8f40cd7176b7bace8d621cf57c7a45824196 | |
parent | c23f6775c1b0310db03ae6d8ef45fa4b6e2a3e3e (diff) | |
download | samba-76f6cf5bbfc1eececa3c76f492372fd66f5fa7ed.tar.gz |
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source3/smbd/trans2.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index d5a38d4d5be..345daac47bf 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -54,6 +54,34 @@ static char *store_file_unix_basic_info2(connection_struct *conn, files_struct *fsp, const SMB_STRUCT_STAT *psbuf); +/**************************************************************************** + Check if an open file handle or pathname is a symlink. +****************************************************************************/ + +static NTSTATUS refuse_symlink(connection_struct *conn, + const files_struct *fsp, + const char *name) +{ + SMB_STRUCT_STAT sbuf; + const SMB_STRUCT_STAT *pst = NULL; + + if (fsp) { + pst = &fsp->fsp_name->st; + } else { + int ret = vfs_stat_smb_basename(conn, + name, + &sbuf); + if (ret == -1) { + return map_nt_error_from_unix(errno); + } + pst = &sbuf; + } + if (S_ISLNK(pst->st_ex_mode)) { + return NT_STATUS_ACCESS_DENIED; + } + return NT_STATUS_OK; +} + /******************************************************************** The canonical "check access" based on object handle or path function. ********************************************************************/ |