diff options
author | Karolin Seeger <kseeger@samba.org> | 2009-09-28 20:36:29 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-10-01 14:25:01 +0200 |
commit | c7078ea2479e9963f7758e82bda247f48de2d4be (patch) | |
tree | 8bb8cece4f8ce34aa6e6792f8223fabb00483010 | |
parent | a9cdec42bf587aad5bdd22a196a8f37c68270b23 (diff) | |
download | samba-c7078ea2479e9963f7758e82bda247f48de2d4be.tar.gz |
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
(cherry picked from commit c1a4a99f8cc5803682a94060efee1adf330c4f02)
-rw-r--r-- | source/param/loadparm.c | 7 | ||||
-rw-r--r-- | source/smbd/service.c | 11 |
2 files changed, 16 insertions, 2 deletions
diff --git a/source/param/loadparm.c b/source/param/loadparm.c index 4fc0c06a976..71a0e7b361d 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -2655,6 +2655,11 @@ BOOL lp_add_home(const char *pszHomename, int iDefaultService, int i; pstring newHomedir; + if (pszHomename == NULL || user == NULL || pszHomedir == NULL || + pszHomedir[0] == '\0') { + return False; + } + i = add_a_service(ServicePtrs[iDefaultService], pszHomename); if (i < 0) @@ -4135,7 +4140,7 @@ static void lp_add_auto_services(char *str) if (lp_servicenumber(p) >= 0) continue; - if (home && homes >= 0) + if (home && home[0] && homes >= 0) lp_add_home(p, homes, p, home); } SAFE_FREE(s); diff --git a/source/smbd/service.c b/source/smbd/service.c index bfe9649ea4a..390e606f3ce 100644 --- a/source/smbd/service.c +++ b/source/smbd/service.c @@ -224,7 +224,7 @@ int add_home_service(const char *service, const char *username, const char *home { int iHomeService; - if (!service || !homedir) + if (!service || !homedir || homedir[0] == '\0') return -1; if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) @@ -801,6 +801,15 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, get_current_username(), current_user_info.domain, s, sizeof(s)); + + if (s[0] == '\0') { + DEBUG(6, ("service [%s] did not resolve to a path\n", + lp_servicename(snum))); + conn_free(conn); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; + } + set_conn_connectpath(conn,s); DEBUG(3,("Connect path is '%s' for service [%s]\n",s, lp_servicename(snum))); |