CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
author: Jeremy Allison <jra@samba.org> 2016-12-15 13:06:31 -0800
committer: Karolin Seeger <kseeger@samba.org> 2017-03-22 10:48:06 +0100
commit: 3bae1508a10689a688b30676bc108f449bc68ddc (patch)
tree: 0f035677ff770a67b5e1e467f92b326a853d73d1
parent: 444d49b6b6d3112c482952dd27d65b39128351ad (diff)
download: samba-3bae1508a10689a688b30676bc108f449bc68ddc.tar.gz
1 files changed, 22 insertions, 1 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index d628d0be0d7..006be91f09e 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -638,7 +638,28 @@ NTSTATUS fd_open(struct connection_struct *conn,
 		flags |= O_NOFOLLOW;
 	}
 
-	fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
+	/* Ensure path is below share definition. */
+	if (!lp_widelinks(SNUM(conn))) {
+		const char *conn_rootdir = SMB_VFS_CONNECTPATH(conn,
+						smb_fname->base_name);
+		if (conn_rootdir == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		/*
+		 * Only follow symlinks within a share
+		 * definition.
+		 */
+		fsp->fh->fd = non_widelink_open(conn,
+					conn_rootdir,
+					fsp,
+					smb_fname,
+					flags,
+					mode,
+					0);
+	} else {
+		fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
+	}
+
 	if (fsp->fh->fd == -1) {
 		int posix_errno = link_errno_convert(errno);
 		status = map_nt_error_from_unix(posix_errno);
author	Jeremy Allison <jra@samba.org>	2016-12-15 13:06:31 -0800
committer	Karolin Seeger <kseeger@samba.org>	2017-03-22 10:48:06 +0100
commit	3bae1508a10689a688b30676bc108f449bc68ddc (patch)
tree	0f035677ff770a67b5e1e467f92b326a853d73d1
parent	444d49b6b6d3112c482952dd27d65b39128351ad (diff)
download	samba-3bae1508a10689a688b30676bc108f449bc68ddc.tar.gz