author | Stefan Metzmacher <metze@samba.org> | 2019-07-11 17:01:29 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-09-03 08:07:37 +0000 |
commit | 6fae81312fad5caf948f0f0f48b84fd3f59dc944 (patch) | |
tree | 81d746805b69d8324d5f529b8de56528b700c359 | |
parent | e48c11896904fd063619a95d3fa7ceccbf2beb56 (diff) | |
CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir
We should not leave current_user.done_chdir as true if we didn't call
chdir_current_service() with success.
This caused problems when calling vfs_ChDir() in pop_conn_ctx() when
chdir_current_service() worked once on one share but later failed on another
share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
-rw-r--r-- | source3/smbd/uid.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 0952c0aff59..2b3b25fa446 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -427,6 +427,7 @@ static bool change_to_user_internal(connection_struct *conn, current_user.conn = conn; current_user.vuid = vuid; current_user.need_chdir = conn->tcon_done; + current_user.done_chdir = false; if (current_user.need_chdir) { ok = chdir_current_service(conn); |
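Review bot: the added `current_user.done_chdir = false;` just before `if (current_user.need_chdir) {` carries no comment, and its purpose is not obvious from the code alone: the flag must not survive from an earlier call in which chdir_current_service() succeeded on a different share. A one-line comment at this spot, saying that done_chdir may only be true after chdir_current_service() has succeeded for this conn and that a stale value misleads pop_conn_ctx() when it calls vfs_ChDir(), would keep a later cleanup from dropping the reset as redundant. The hunk ends at `ok = chdir_current_service(conn);`, so it is worth confirming that the failure path below that line returns without setting the flag. The diffstat shows only source3/smbd/uid.c changing, so a regression test for the sequence in the commit message (success on one share, later failure on another) would have to come in a separate commit.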