diff options
author | Jeremy Allison <jra@samba.org> | 2016-01-05 10:38:28 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2016-02-24 11:39:59 +0100 |
commit | fa1c482083cc1b0f124490bd40ad79dd7e94de2c (patch) | |
tree | eff1cfce84a48ea6b4bb84869c3d44faa06565e6 | |
parent | 76f6cf5bbfc1eececa3c76f492372fd66f5fa7ed (diff) | |
download | samba-fa1c482083cc1b0f124490bd40ad79dd7e94de2c.tar.gz |
CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source3/smbd/nttrans.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 04dddee5c3d..f812e853d49 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1905,6 +1905,13 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } + if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { + DEBUG(10, ("ACL get on symlink %s denied.\n", + fsp_str_dbg(fsp))); + TALLOC_FREE(frame); + return NT_STATUS_ACCESS_DENIED; + } + if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| SECINFO_GROUP|SECINFO_SACL)) { /* Don't return SECINFO_LABEL if anything else was |